A change has been made to the way PHP is configured on the web server hosting www.ru.ac.za, www.coelacanth.ac.za, expert.ru.ac.za, labs.ru.ac.za, www.ribs.ru.ac.za, bots.ru.ac.za, sacs.ru.ac.za, mathsnet.ru.ac.za, www.rhodes.ac.za, www.jlbsmith.ru.ac.za, www.saiab.ru.ac.za, and botany.ru.ac.za. This change affects all PHP scripts that make use of register_globals or register_argc_argv.

For a number of years now, the default values of these two configuration variables has been "off". We've maintained the as "on" on Rhodes' main web server largely for backwards compatability reasons -- there was a fair amount of old PHP code that relied on global variables. Unfortunately, there are a number of security risks associated with keeping register_globals in particular turned on. These risks are detailed in http://za2.php.net/manual/en/security.globals.php.

As a result we've now turned register_globals and register_argc_argv "off". This makes us compliant with current best practices for running a PHP-enabled web server. It does, however, mean that any old PHP code that still depends on globals being registered. In general, most well designed PHP written in the last two years or so will be unaffected by this change. Older code will almost certainly be affected. This WILL break some web pages.

Users are encouraged to check any web pages they host on the above domains and ensure that they're still functioning correctly. Should you encounter any problems you can't fix yourself, please direct them to webmaster@ru.ac.za.