Date: Thu, 25 Jul 2002 16:22:13 +0300 From: Alexandr Kovalenko <never@nevermind.kiev.ua> To: Chris Shenton <chris@shenton.org> Cc: freebsd-ports@FreeBSD.ORG Subject: Re: ports/40979: mod_php security fix breaks PHP 4.2.2: variables not passed Message-ID: <20020725132213.GB5035@nevermind.kiev.ua> In-Reply-To: <200207251310.g6PDA8EO058362@freefall.freebsd.org> References: <200207251310.g6PDA8EO058362@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Hello, Chris Shenton! On Thu, Jul 25, 2002 at 06:10:08AM -0700, you wrote: > > Pilot error! (c) > > > > Check your /usr/local/etc/php.ini file. > > There should be at least: > > register_globals = On > > register_argc_argv = On > Doh! Yes, changing register_globals from default Off to On fixed this. > I had a php.ini-dist and no php.ini, so it sounds like the defaults > have changed between php versions. Yes. Starting from 4.2.x series. Read release notes on php.net more carefully. > Does enabling this put me at risk from the recent security hole? No. But you should better read PHP manual and don't use this form of parameter recieving (it may cause abuse if script is written unclean). http://www.php.net/manual/en/language.variables.predefined.php -- NEVE-RIPE Ukrainian FreeBSD User Group http://uafug.org.ua/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020725132213.GB5035>