During the Joomla installation, in the first page of the setup, the installation script checks the server setup. In many server setups you could find the line “Register Globals” set to ON, and evidenced in red like it’s an error.
This error does not prevent you from installing Joomla, in fact it’s more a warning than an error.
How can we solve this warning? We can use PHP5 rather than PHP4 - if your hosting allows this -, because PHP5 has Register Globals set to OFF by default.
Having set register_globals to OFF, now you could find a different warning about magic_quotes_gpc set to OFF. I advise to ignore this value, because the Joomla standard installation does not use it.
The Magic Quotes function has been introduced in PHP to help developers to protect against SQL injection attacks. What happens when Magic Quotes in ON? It is executed the function addslashes() on all the information retrieved using GET, POST forms or cookies.
Unfortunately this function isn’t perfect, as this article of the PHP Security Consortium states:
“Unfortunately this protection isn’t perfect: there are a series of other characters that databases interpret as special not covered by this function. In addition, data not sent direct to databases must un-escaped before it can be used.”
and also
“Because it’s inconsistent and ineffective, it’s not recommended that magic_quotes_gpc be enabled. Rely on input filtering done by your scripts.”
Joomla performs a series of checks against SQL injection. What we need to do is make sure that every module or component we install performs this kind of checks, in order to keep the security level high.
The Joomla security depends mainly upon the modules you install on it.
