From: Dan Kuykendall (dan kuykendall.org)
Date: Thu Apr 11 2002 - 02:36:44 CDT
In-Reply-To: <17122201257.20020403160836 code-fu.de>

The problem is caused by a specific change to the
standard PHP options by the debian packages. For
some reason magic_quotes_gpc is set to Off in the
/etc/phpgroupware/apache.conf
If you change the two entries to On then the
security hole disappears.
This IS NOT a phpGroupWare security hole per se,
it's a problem with a config setting that we rely
on from PHP.
We are currently looking at restructuring a few
areas to take over what magic_quotes_gpc does so
that we can be safe when it is turned off. That
will likely show up in 0.9.16 since 0.9.14 is
probably going to be released soon and won't have
time to be retrofitted.
Seek3r
phpGroupWare Spokesperson
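
An added example, not part of the original message or of phpGroupWare's code: one way to audit an Apache configuration file for entries that switch magic_quotes_gpc off, as described in the message above. It assumes the entries use the mod_php `php_flag` / `php_value` directive forms; the message does not show the actual entries, so the sample configuration and its paths are constructed.

```python
import re

# mod_php directives that can set an ini option from Apache configuration.
# Assumption: the entries in question use one of these forms.
DIRECTIVE = re.compile(
    r"^\s*(php_(?:admin_)?(?:flag|value))\s+magic_quotes_gpc\s+(\S+)",
    re.IGNORECASE,
)
# Values treated as "disabled" for a boolean PHP option.
DISABLED = {"off", "0", "false", "no"}


def find_disabled_magic_quotes(conf_text):
    """Return (line_no, directive, value) for every active entry that
    turns magic_quotes_gpc off. Commented-out lines are ignored."""
    findings = []
    for line_no, line in enumerate(conf_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue
        match = DIRECTIVE.match(line)
        if match and match.group(2).strip("\"'").lower() in DISABLED:
            findings.append((line_no, match.group(1).lower(), match.group(2)))
    return findings


# Constructed sample: NOT the real Debian file, paths are hypothetical.
SAMPLE_CONF = """\
Alias /phpgroupware /usr/share/phpgroupware
<Directory /usr/share/phpgroupware>
    # php_flag magic_quotes_gpc On
    php_flag magic_quotes_gpc Off
    php_flag magic_quotes_runtime Off
</Directory>
<Directory /usr/share/phpgroupware/setup>
    php_value magic_quotes_gpc 0
</Directory>
"""

if __name__ == "__main__":
    for line_no, directive, value in find_disabled_magic_quotes(SAMPLE_CONF):
        print(f"line {line_no}: {directive} magic_quotes_gpc {value}")
```

An empty result means no active entry in the file disables the setting; it does not prove the option is on, since php.ini or another included file may still set it.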