If a script says register globals should be on, then don’t use that script
When people who would otherwise like to be known as professionals (IE they are charging money for a script and/or services) tell you that their software needs register_globals (in php) to be enabled, it means that they can’t code their way out of a wet paper bag.
It takes like 30 seconds to change all of your variables to not need them. Even if the script in question is written perfectly, by telling the webmaster to change a global variable (it can be done in .htaccess btw, and that’s what we recommend to our customers who get advice from these asshats) it makes their entire server more vulnerable to generic exploits.
It’s even worse when it’s zend encoded.
