PHP Overrides

From TNG_Wiki
Jump to: navigation, search

PHP settings

To view your hosting service PHP settings, go to Admin >> Setup >> then select the Diagnostics tab, and click the link for PHP Info Screen.

TNG Diagnostic.jpg


If your hosting service has register_globals = on and allow_url_fopen = on, you can override those options and turn them off, by creating a php.ini file and placing the created php.ini file in every directory where php scripts are executed, or you may be able to use a .htaccess file. See When to use .htaccess or php.ini files provided by BruceM on user2 list on 25 Feb 2009

PHP allow url fopen.jpg

PHP register globals.jpg

PHP Override

If TNG is installed in a genealogy subdirectory, then that means you need to put the php.ini override in your root directory, the genealogy subdirectory, and the genealogy/admin subdirectory.

You will need to check with your hosting service as to what other parameters you may need to include for compatibility reasons.


register_globals = off 
allow_url_fopen = off


PHP allow url fopen overridden.jpg

PHP register globals overridden.jpg


.htaccess overrides

It may be possible to use .htaccess to provide the overrides, if your host is not running phpSuExec. See When to use .htaccess or php.ini files provided by BruceM on user2 list on 25 Feb 2009

References

PHP Security Expose

PhpSecInfo Test Information determines if the expose_php setting is enabled. provided by Henny Savenje on user2 list on 25 Feb 2009

Related Links

The following provide additional security measures:

Controlling Site Access

Protecting Resources

  • Turn off global register and other PHP overrides

Checking your site for Malware