diff --git a/modules/system/system.install b/modules/system/system.install
index fb49e1755c9..95fba9b29ab 100644
--- a/modules/system/system.install
+++ b/modules/system/system.install
@@ -52,10 +52,6 @@ function system_requirements($phase) {
$requirements['webserver']['description'] = $t('Unable to determine your web server type and version. Drupal might not work properly.');
$requirements['webserver']['severity'] = REQUIREMENT_WARNING;
}
- if (ini_get('register_globals')) {
- $requirements['php']['description'] = $t('register_globals is enabled. Drupal requires this configuration directive to be disabled. Your site may not be secure when register_globals is enabled. The PHP manual has instructions for how to change configuration settings.');
- $requirements['php']['severity'] = REQUIREMENT_ERROR;
- }
// Test PHP version
$requirements['php'] = array(
@@ -67,6 +63,25 @@ function system_requirements($phase) {
$requirements['php']['severity'] = REQUIREMENT_ERROR;
}
+ // Test PHP register_globals setting.
+ $requirements['php_register_globals'] = array(
+ 'title' => $t('PHP register globals'),
+ );
+ $register_globals = trim(ini_get('register_globals'));
+ // Unfortunately, ini_get() may return many different values, and we can't
+ // be certain which values mean 'on', so we instead check for 'not off'
+ // since we never want to tell the user that their site is secure
+ // (register_globals off), when it is in fact on. We can only guarantee
+ // register_globals is off if the value returned is 'off', '', or 0.
+ if (!empty($register_globals) && strtolower($register_globals) != 'off') {
+ $requirements['php_register_globals']['description'] = $t('register_globals is enabled. Drupal requires this configuration directive to be disabled. Your site may not be secure when register_globals is enabled. The PHP manual has instructions for how to change configuration settings.');
+ $requirements['php_register_globals']['severity'] = REQUIREMENT_ERROR;
+ $requirements['php_register_globals']['value'] = $t("Enabled ('@value')", array('@value' => $register_globals));
+ }
+ else {
+ $requirements['php_register_globals']['value'] = $t('Disabled');
+ }
+
// Test PHP memory_limit
$memory_limit = ini_get('memory_limit');
$requirements['php_memory_limit'] = array(