Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: VERY HIGH VULNERABILITY DISCLOSURE !!! MASS ROOT POSSIBLE !!! PLEASE BE ATTENTIVE !!!
From: Rudolf Polzer <divzero () gmail com>
Date: Sat, 3 Jul 2004 18:18:59 +0200

On Sat, 3 Jul 2004 12:56:50 +0200, Maarten <fulldisc () ultratux org> wrote:
Indeed.  But the fact that many READMEs of php code still say something like
"Sadly, there is a bug in <distribution foobar> in the php.ini file. Set
register_globals to ON, otherwise this software will not function."
That they even dare calling it a "bug" is beyond arrogance.

IMHO it will be nice if one could override some php.ini settings on a
per-script basis. For example at parsing time using a comment like

<?php5
#[smartquotes=on register_globals=off]
?>

of course not all settings should be able to be overridden...

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]