Many shared server environments currently run .php scripts using the PHP4 interpreter and .php5 code using the PHP5 interpreter. Rather than changing all your file extensions, and perhaps breaking many links, use a .htaccess file to map one extension to the other dynamically.
One common reason for doing this is that hosts leave PHP4 configured with register_globals ON in order to support legacy code while offering PHP5 with register_globals OFF. If you are on a shared server at a host that has configured register_globals ON server-wide, you should be very worried!
Turning register globals OFF via a local php.ini or a .htaccess file will NOT offer you any extra protection. Another exploited account on your server can simply hack yours. For server security, and since PHP 4.2, register globals are OFF server-wide by default (PHP default).
Any host overriding this is inviting trouble. If you need to register globals ON for a specific site, simply use a .htaccess file in that particular directory, and server-wide security will not be compromised. Of course, if you do this be sure all affected scripts thoroughly sanitize input data.
- Your Apache server must be configured to use .htaccess files. If not, you may be able to request this from your host.
- Your Apache configuration must allow the following setting. If not, you may be able to request this from your host.
- Your host must have configured the .php and .php5 file extensions as described above. If not, they may possibly have chosen other extensions. Check with your host.
- Check to be sure your site is configured to use .htaccess files.
- Make a backup of the .htaccess file in your root public_http directory. If you don’t have a .htaccess file at this location, create one now.
- There are various ways to set the command, depending on your server configuration. One of the following will probably work. Add ONE of the following lines at the end of your .htaccess file. If unsure which to use, check with your hosting provider on which version works best for your configuration.
- Carefully test.
- Delete the backup .htaccess file. Don’t leave backups of .htaccess files in public directories.
AddType x-mapp-php5 .php AddHandler application/x-httpd-php5 .php AddHandler cgi-php5 .php