[Phpgroupware-users] Register Globals (was ldapmodify.php; data not bei
From: Dave Hall
Subject: [Phpgroupware-users] Register Globals (was ldapmodify.php; data not being submitted)
Date: Mon, 31 Mar 2003 11:44:18 +1000
Izzy Blacklock <address@hidden> wrote:
> On Sunday 30 Mar 2003 5:41 pm, Lars Kneschke(priv.) wrote:
> > Izzy Blacklock <address@hidden> wrote:
> > >I know now that ldap authentication when the accounts are setup
> > >correctly. So, now I'm back to trying to figure out why
> > >ldapmodify.php won't modify my existing ldap accounts.
> > >
> > >My tests so far show that the if ($submit) section isn't being run.
> > >Neither is the if ($cancel). I'm guessing these are the sections that
> > >should be run when the modify or cancel buttons are pushed. What I
> > >can't figure out is how these variables get set.
> >
> > Have a look at your php.ini. Look for something like register
> > globals. Set it to on. For new php versions it is set to off by
> > default.
> >
> > If it helps, create a bug report. phpGW should not rely on register
> > globals == on, because of security problems.
>
> Thanks Lars, That was it. Quite a long road I traveled to come back
> to this! :( I'll add it to my LDAP support howto. I'll also submit a
> bug report.
A few points on this:
1. Register Globals is a well documented issue - see these google results:
   161 - http://www.google.com/search?q=register_globals+phpgroupware+site%3Amail.gnu.org&btnG=Google+Search&hl=en&lr=&ie=UTF-8&oe=UTF-8
   88 - http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=register+globals+phpgroupware+site%3Amail.gnu.org&btnG=Google+Search
2. The change to register globals was made in php 4.2.0 (released
   22-Apr-2002 - see http://www.php.net/ChangeLog-4.php), while phpGW
   0.9.14 branch was created 15-Jan-2003 (see
   http://savannah.gnu.org/forum/forum.php?forum_id=365&group_id=509 )
3. We cannot add major new functions/code changes after a feature freeze
   or in a bug fix release.
4. Yes, register_globals = on is a security issue - which we are addressing
5. The 0.9.16 API supports our GPC variable sanitizer function "get_var"
   - now it is up to devs to implement it in their apps.
6. phpGW does not run with safe_mode = on which many hosts now use as the
   default config. This is something else that will need to be addressed -
   but unlikely in 0.9.16
Cheers
Dave
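
The symptom and the risk discussed in this thread, as an added example that is not part of the original message or phpGroupWare's code: `extract()` stands in for `register_globals = On` (an emulation, since current PHP no longer has the setting), and `request_var` is a hypothetical helper, not phpGW's `get_var`. The request data is constructed for the example.

```php
<?php
// Constructed sample request: a form post from a page like ldapmodify.php,
// plus one parameter the script never expected to receive.
$post = ['submit' => 'Modify', 'account_id' => '42', 'is_admin' => '1'];

// Legacy style: the handler relies on request keys appearing as variables.
function legacy_handler(array $request, bool $registerGlobals): array
{
    if ($registerGlobals) {
        extract($request);              // emulates register_globals = On
    }
    // $is_admin is never initialised here, so with the setting on the
    // request supplies it; with the setting off, $submit is simply unset.
    return ['ran_submit' => !empty($submit), 'is_admin' => !empty($is_admin)];
}

// Hypothetical helper: read one named key, coerce it to the expected type,
// and fall back to a default when the key is absent or malformed.
function request_var(array $request, string $name, string $type, $default = null)
{
    if (!isset($request[$name]) || !is_string($request[$name])) {
        return $default;
    }
    $value = $request[$name];
    switch ($type) {
        case 'int':
            return ctype_digit($value) ? (int) $value : $default;
        case 'bool':
            return $value !== '';
        default:                        // 'string': drop control characters
            return preg_replace('/[\x00-\x1F\x7F]/', '', $value);
    }
}

// Explicit style: works with the setting off and ignores unexpected keys.
function explicit_handler(array $request): array
{
    $is_admin = false;                  // decided by the script, never by input
    return [
        'ran_submit' => request_var($request, 'submit', 'bool', false),
        'account_id' => request_var($request, 'account_id', 'int', 0),
        'is_admin'   => $is_admin,
    ];
}

var_dump(legacy_handler($post, false)); // setting off: submit branch never runs
var_dump(legacy_handler($post, true));  // setting on: request sets is_admin
var_dump(explicit_handler($post));
```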