Using register globals in PHP is seen by many in the community as a security risk. That being said OSTicket wants you to disable register globals because of this risk. However a lot of people who deploy OSTicket are not system administrators who know how to do this. This short article will outline three different ways that you can achieve this.
1. Manually locate and edit your php.ini. Location of this file will vary depending on Operating System and version. However some common locations are:
Debian Linux (etch or squeeze)
location: /etc/php5/apache2/php.ini
Windows Server 2008
location: C:\Program Files\PHP\php.ini
If you cannot find your php.ini there are a couple easy ways to find it such as search. I usually create a php file called info.php which contains:
Put it in your web tree and view it in a web browser. It will tell you where the ini file resides.
Once you have located it, open it in your favorite text editor (vi, emacs, notepad, notepad+, etc) and locate the register_globals directive. Set it to off.
register_globals = off
2. Some web hosts allow a custom php.ini file that over rides their settings. If you do not have access to your servers PHP.ini and your web host allows this, simply create a php.ini in your web tree root and add the following line:
register_globals = off
3. If you are running Apache you can disable it via .htaccess file. Edit your .htaccess file or create a new file of that name and put the following line in it:
php_flag register_globals off
Some FTP clients may not display this file so make sure that yours does before you upload the file to your server. The last thing that you want to do is over write an intricate .htaccess file and muck up your site. Always check to see if you have one.