Hi Alan,
On Wednesday, March 08, 2006, Alan wrote:
>> It is strongly recommended to run SquirrelMail and other PHP
>> scripts with register_globals turned off. Providers should turn
>> globals on only when scripts are broken, don't work in rg=off and you
>> can't fix those scripts.
>> You can use SquirrelMail 1.4.6 in rg=on setup, but you won't pass
>> configtest. I'll protest, if somebody tries to make rg=on check
>> non-fatal in SM-1_4-STABLE branch. We are trying to prevent use of
>> insecure SquirrelMail and PHP setups.
> A PHP coder I know had this to say:
> If you want to pass on my comments, tell them to stop using uninitialised
> variables and not to use extract($_POST) because it's almost the same as
> register_globals on.
Is that PHP Coder referring to us?
# pwd
/home/jangliss/Projects/SquirrelMail/stable
# grep -ir "extract(" *
#
We don't use extract. Yes, we had in the past, and it was the cause
of a security update, and I ended up rewriting the whole identities
page, but we don't have it any more.
--
Jonathan Angliss
<[EMAIL PROTECTED]>
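
Why the quoted comment equates extract($_POST) with register_globals on, shown as an added example that is not part of the original message and is not SquirrelMail code. The handler names, the is_admin flag and the $post array are constructed for illustration.

```php
<?php
// Constructed request body standing in for $_POST (not from the original thread).
$post = ['username' => 'alice', 'is_admin' => '1'];

// The pattern the quoted comment warns about: extract() on request data
// combined with a variable that is only assigned on one branch.
function unsafe_handler(array $post): bool
{
    extract($post);                  // every request key becomes a local variable
    if (isset($username) && $username === 'root') {
        $is_admin = true;
    }
    return !empty($is_admin);        // never initialised, so the request supplies it
}

// EXTR_SKIP only protects variables that already exist at the extract() call;
// $is_admin does not exist yet, so it is still created from the request.
function extr_skip_handler(array $post): bool
{
    extract($post, EXTR_SKIP);
    if (isset($username) && $username === 'root') {
        $is_admin = true;
    }
    return !empty($is_admin);
}

// Hardened form: initialise every variable and read only the expected key.
function safe_handler(array $post): bool
{
    $is_admin = false;
    $username = (isset($post['username']) && is_string($post['username']))
        ? $post['username']
        : '';
    if ($username === 'root') {
        $is_admin = true;
    }
    return $is_admin;
}

// Run all three handlers against the same constructed request.
foreach (['unsafe_handler', 'extr_skip_handler', 'safe_handler'] as $fn) {
    printf("%-18s => %s\n", $fn, var_export($fn($post), true));
}
```

The first two handlers take the flag from the request alone; only the third ignores it, which is why initialising variables matters as much as dropping extract().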