cross country
the legless hitchhiker
cabin works
a bear and ella
Monthly Archive for July, 2008
I love stickes but it wasnt built for this:
I want a gui for a text file that I use as a daily diary.
C is the best option…
it seems people who don’t understand the variety in packages their webhosting provides run into these problems..
1&1 offers many paths for webhosting and the cheapest (basic/beginner packages & using linux) requires something like option C from my previous post for a fix… I bet this is the same with other cheap hosting accounts.
oh i quote from 1&1 RTFAQ:
Disabling global variables:
The following will disable global variables on root servers, managed servers, and shared hosting.
This will help prevent PHP injection attacks.
.htaccess
# Offers protection during hacking attempts by NOT displaying
# error messages, server paths, and turning off your globals.
php_value display_errors off
php_value register_globals off
#recursive
#only on a root server or a managed server that has PHP loaded as a
module
php.ini
# Disable register_globals for security reasons
register_globals = ‘off’
#not recursive-must be in every directory where you want it
#The below solution is the only solution for shared hosting-
#only works on a managed server or a root server
http://faq.1and1.com/scripting_languages_supported/php/upgrade/6.html
What do I need to consider if I want to use PHP5?
With 1&1 Linux hosting packages you have the choice between PHP3, PHP4
and PHP5. To distinguish a script as PHP5, simply name the script with the
file extension .php5.
While the PHP developers have done their utmost to ensure compatibility, we
cannot guarantee that PHP4 scripts will function 100% correctly under PHP5.
Please note that in contrast to PHP4, the default for the variable
RegisterGlobals is “off”.
By default Apache uses PHP4 for .php extension. If you don’t want to rename
all your scripts to .php5 you can do the following:
Create a .htaccess file and place the following line AddType x-mapp-php5
.php in it.
This will tell Apache to use PHP 5 instead of PHP4 for the extension .php
in the directory the .htaccess is placed and all sub-directories under it.
It looks like there are 2-3 ways for 1&1 basic level webhosting users to configure the php flag register_globals with CMS packages like drupal or pixelpost (the register_globals should be ‘off’ for security reasons)
(A) edit .htaccess file by adding the following line [ha! this hasn't worked in drupal_6.2 for me yet!] (I always prefer vim and if you don’t use it, spend 25 minutes learning it by typing ‘vim tutor’ at a terminal prompt!)
php_value register_globals 0
- since 1and1 basic webhosting doesn’t include a file editor (AFAIK): Edit on your local system with vi/m (plain text editing) on the drupal .htaccess file (the .htaccess file is in the drupal directory, you can name it ‘htaccess’ without a ‘.’ from the terminal to make it visible, you do know how to use basic unix commands in the terminal, right? Alternative is to change os X folder view options and make .htaccess files visible!)
- upload using the 1&1 webspace exploder, erase the previous .htaccess file and rename the one you just uploaded to .htaccess
- but this didn’t work right off! editing the big drupal .htaccess file by adding in the single line above resulted in a 500 Internal server error!
(B) The second option is to use your editor on a php.ini file (again, use VIM) [this WORKED, but I'm stubborn to get the orginal .htaccess file working!]
register_globals = off
(one could also add in the memory usage directives that drupal needs currently not sure that this init file is enough, as drupaoperates on many subdirectories and this may only cover a single one, the following is perhaps a better path)
(C) option threee: I have not tested this yet! use at your own risk as this is just forum chatter I overheard
again, make a .txt file called htaccess and add the following data, then upload the file to 1&1 at drupal’s root and rename it “.htaccess”
#Forcer PHP5 chez 1and1
AddType x-mapp-php5 .php
As PHP5 has “Register Globals” set to 0 by default at 1&1 !