


From: Doug Kelly
Subject: [Phpgroupware-tracker] [patch #3923] [Fix] Compatibility with register_globals off
Date: Wed, 20 Apr 2005 06:51:14 +0000
User-agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0

URL:
  <http://savannah.gnu.org/patch/?func=detailitem&item_id=3923>

                 Summary: [Fix] Compatibility with register_globals off
                 Project: phpGroupWare
            Submitted by: dougk_ff7
            Submitted on: Wed 04/20/2005 at 06:51
                Category: registration
                Priority: 6
                  Status: None
                 Privacy: Public
             Assigned to: None
        Originator Email: 
             Open/Closed: Open

    _______________________________________________________

Details:

Here's a patch to allow registration to work without register_globals on. 
It's pretty hackish, but I did design it to try to prevent SQL injection. 
Perhaps someone will have a better idea and some cleanup for this,
though--I'm not terribly familiar with the phpGW source.  Most likely, the
little function I use to do the replacement on the variables is either
somewhere else already, or there's a better way to do it.  Either way, it
will NOT break when fed a single-quote (so no SQL injection), however it will
die when fed a backslash (though not allow exploitation, to the best of my
knowledge).





    _______________________________________________________

File Attachments:


-------------------------------------------------------
Date: Wed 04/20/2005 at 06:51  Name:
patch-fix-register_globals-dougk_ff7.diff  Size: 1.6KB   By: dougk_ff7
[Fix] register_globals off compatibility
<http://savannah.gnu.org/patch/download.php?item_id=3923&item_file_id=4477>

    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/patch/?func=detailitem&item_id=3923>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/




