Update An Official Security Patch for Dolphin Version 6.1.2 has been released.

This vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).

Just because you have a newer version of php it Does Not necessarily mean the register globals is off. You should check with your host or if you are using dolphin 6.1x you can verify this by checking your phpinfo file by the following:


This file is protected by your admin panel so you will be prompted to login. Username/password will be the same as your admin panel.

Scroll down the page until you find the register_globals as pictured below.

Php Info

The first column is local value, or your site values. The second is the master value, or what your host has specified. For sure you want to see register_globals off in the local value. If register_globals says on see this similar guide which may aid you into determining whether you need to use php.ini or .htaccess to turn off register globals. This will be important so you know which to use. If you use the wrong one either your site will error out, or you will do absolutely no good.

Guide to .htaccess and php.ini

See the above link to determine whether you need a .htaccess or php.ini file. Then after that add:

For .htaccess add:
php_flag register_globals off

For php.ini add:
register_globals = Off

Then refresh the yoursite.com/admin/phpinfo.php page to make sure that register_globals on did change to register_globals off.

Written By
Tutorial by: Jeremy LeSarge (AKA Ray)

I am the owner and administrator of DialMe.com. I write Tutorials for Boonex Dolphin as well as tips and resources surrounding website programming and development. I enjoy working with WordPress, SEO, and Web Hosting / Servers. I also maintain a WordPress Blog here on this site where you will find a variety of technology and webmaster resources.

Sponsored Links