BugTraq
[ GLSA 200402-01 ] PHP setting leaks from .htaccess files on virtual hosts Feb 07 2004 01:02AM
Tim Yamin (plasmaroo gentoo org) (1 replies)
Re: [ GLSA 200402-01 ] PHP setting leaks from .htaccess files on virtual hosts Feb 07 2004 09:50PM
Alexander GQ Gerasiov (bugtaq gq pp ru)
Hello Tim,

On 7 February 2004 you wrote:

TY> Synopsis
TY> ========

TY> If the server configuration "php.ini" file has "register_globals = on"
TY> and a request is made to one virtual host (which has "php_admin_flag
TY> register_globals off") and the next request is sent to another
TY> virtual host (which does not have the setting) through the same Apache
TY> child, the setting will persist. This may lead to leaks of global variables.

TY> Background
TY> ==========

TY> PHP is a widely-used general-purpose scripting language that is
TY> especially suited for Web development and can be embedded into HTML.

TY> Description
TY> ===========

TY> If the server configuration "php.ini" file has "register_globals = on"
TY> and a request is made to one virtual host (which has "php_admin_flag
TY> register_globals off") and the next request is sent to another
TY> virtual host (which does not have the setting) through the same Apache
TY> child, the setting will persist.

I think I had the same problem with safe_mode_include_dir, which was set in
a <Directory> section of httpd.conf.
Maybe I'm wrong, but the problem looks very similar.

--
Best regards,
Alexander GQ Gerasiov <bugtaq (at) gq.pp (dot) ru>
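
An added example, not part of the original thread or the advisory: a small Python audit that lists PHP settings overridden in some <VirtualHost> blocks but left to the php.ini default in others, which is the configuration pattern the advisory describes. The sample configuration, host names and function names are constructed for illustration, and the script assumes one flat config string with no Include directives.

```python
import re
from collections import defaultdict

# Constructed sample configuration (not taken from the advisory or the thread).
SAMPLE_CONF = """
<VirtualHost *:80>
    ServerName a.example
    php_admin_flag register_globals off
    <Directory /var/www/a>
        php_admin_value safe_mode_include_dir /var/www/a/inc
    </Directory>
</VirtualHost>
<VirtualHost *:80>
    ServerName b.example
    # no PHP overrides: relies on php.ini defaults
</VirtualHost>
<VirtualHost *:80>
    ServerName c.example
    php_admin_flag register_globals on
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\b[^>]*>(.*?)</VirtualHost>", re.I | re.S)
NAME_RE = re.compile(r"^\s*ServerName\s+(\S+)", re.I | re.M)
PHP_RE = re.compile(r"^\s*php_(?:admin_)?(?:flag|value)\s+(\S+)\s+(.+?)\s*$", re.I | re.M)

def php_settings_by_vhost(conf):
    """Map ServerName -> {php setting: value} for each <VirtualHost> block."""
    hosts = {}
    for i, m in enumerate(VHOST_RE.finditer(conf)):
        body = m.group(1)
        name = NAME_RE.search(body)
        key = name.group(1) if name else f"<vhost #{i}>"
        hosts[key] = {k.lower(): v for k, v in PHP_RE.findall(body)}
    return hosts

def unpinned_settings(conf):
    """Settings overridden in some vhost but left to php.ini in others."""
    hosts = php_settings_by_vhost(conf)
    overridden = {s for settings in hosts.values() for s in settings}
    report = defaultdict(list)
    for host, settings in hosts.items():
        for s in sorted(overridden - set(settings)):
            report[s].append(host)
    return dict(report)

if __name__ == "__main__":
    for setting, hosts in unpinned_settings(SAMPLE_CONF).items():
        print(f"{setting}: not set explicitly in {', '.join(hosts)}")
```

Each host listed for a setting takes that setting from php.ini only, so it is a candidate for the persistence condition whenever it shares Apache children with a host that overrides the same setting.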

Copyright 2010, SecurityFocus