Topic: | register_globals=on not supported |
Severity: | Critical |
Versions affected: | all past and future versions |
Reported by: | moodle.com |
Issue no.: | MDL-12914 |
Solution: | set register_globals=off |
Description:
Recently we have discovered several security problems in Moodle code exploitable when register_globals are enabled. This setting is considered to be highly problematic and is the most common source of security problems in PHP applications and PHP itself.
Due to the frequency of reported bugs in Moodle core and extensions caused by this obsoleted setting we have decided to stop supporting servers with register_globals=on completely. Please note that PHP developers do not considered this feature suitable for production servers and it will be completely removed in PHP6.
Latest Moodle versions print a warning on administration notification page if enabled register_globals detected. Please make sure all your servers are properly configured.