[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Phpgroupware-tracker] [patch #3923] [Fix] Compatibility with register_g
From: |
Doug Kelly |
Subject: |
[Phpgroupware-tracker] [patch #3923] [Fix] Compatibility with register_globals off |
Date: |
Wed, 20 Apr 2005 06:51:14 +0000 |
User-agent: |
Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0 |
URL:
<http://savannah.gnu.org/patch/?func=detailitem&item_id=3923>
Summary: [Fix] Compatibility with register_globals off
Project: phpGroupWare
Submitted by: dougk_ff7
Submitted on: Wed 04/20/2005 at 06:51
Category: registration
Priority: 6
Status: None
Privacy: Public
Assigned to: None
Originator Email:
Open/Closed: Open
_______________________________________________________
Details:
Here's a patch to allow registration to work without register_globals on.
It's pretty hackish, but I did design it to try to prevent SQL injection.
Perhaps someone will have a better idea and some cleanup for this,
though--I'm not terribly familiar with the phpGW source. Most likely, the
little function I use to do the replacement on the variables is either
somewhere else already, or there's a better way to do it. Either way, it
will NOT break when fed a single-quote (so no SQL injection), however it will
die when fed a backslash (though not allow exploitation, to the best of my
knowledge).
_______________________________________________________
File Attachments:
-------------------------------------------------------
Date: Wed 04/20/2005 at 06:51 Name:
patch-fix-register_globals-dougk_ff7.diff Size: 1.6KB By: dougk_ff7
[Fix] register_globals off compatibility
<http://savannah.gnu.org/patch/download.php?item_id=3923&item_file_id=4477>
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/patch/?func=detailitem&item_id=3923>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Phpgroupware-tracker] [patch #3923] [Fix] Compatibility with register_globals off,
Doug Kelly <=