URL:
<http://savannah.gnu.org/patch/?func=detailitem&item_id=3923>
Summary: [Fix] Compatibility with register_globals off
Project: phpGroupWare
Submitted by: dougk_ff7
Submitted on: Wed 04/20/2005 at 06:51
Category: registration
Priority: 6
Status: None
Privacy: Public
Assigned to: None
Originator Email:
Open/Closed: Open
_______________________________________________________
Details:
Here's a patch to allow registration to work without register_globals on.
It's pretty hackish, but I did design it to try to prevent SQL injection.
Perhaps someone will have a better idea and some cleanup for this,
though--I'm not terribly familiar with the phpGW source. Most likely, the
little function I use to do the replacement on the variables is either
somewhere else already, or there's a better way to do it. Either way, it
will NOT break when fed a single-quote (so no SQL injection); however, it will
die when fed a backslash (though not allow exploitation, to the best of my
knowledge).
_______________________________________________________
File Attachments:
-------------------------------------------------------
Date: Wed 04/20/2005 at 06:51
Name: patch-fix-register_globals-dougk_ff7.diff
Size: 1.6KB
By: dougk_ff7
[Fix] register_globals off compatibility
<http://savannah.gnu.org/patch/download.php?item_id=3923&item_file_id=4477>