On Wed, Oct 19, 2005 at 12:13:40AM +0200, Arve Seljebu wrote:

> On 10/16/2005, "Arve Seljebu" <[EMAIL PROTECTED]> wrote:

>>On 10/16/2005, "Paul TBBle Hampson" <[EMAIL PROTECTED]> wrote:

>>>On Thu, Oct 13, 2005 at 12:34:26PM +0200, Arve Seljebu wrote:
>>>> Package: freeradius-dialupadmin
>>>> Version: 1.0.2-4
>>>> Severity: normal

>>>> Since freeradius-dialupadmin is developed on php3, it uses global
>>>> variables instead of $_GET and similar.
>>>> /usr/share/doc/freeradius-dialupadmin/README.Debian should contain
>>>> advice about this.

>>>This should not be necessary, dialup-admin calls
>>>import_request_variables [1] during the config-reading function.

>>>If you had a problem of some kind with this, please reply to this
>>>bug with it, otherwise I'll close it as not-a-bug.

>>I had some problems with this earlier, I'll turn off register_globals
>>to see if it's still there.

> I found one occurrence of this in
> /usr/share/freeradius-dialupadmin/htdocs/user_edit.php3 on line 2:

> if ($edit_group == 1){
>         header("Location: group_admin.php3?login=$group_to_edit");
>         exit;

Excellent. _This_ looks like the actual bug to me... Try moving the
require('../conf/config.php3');
above this (ie, to make it the first thing in the script) and see if it
fixes it.

> And if I remember it right, there are several shortcuts to other pages
> made like this.

Grep suggests that only group_admin, group_new, user_edit and user_new
are affected if this is the case.

-- 
Paul "TBBle" Hampson, [EMAIL PROTECTED]
8th year CompSci/Asian Studies student, ANU

Shorter .sig for a more eco-friendly paperless office.
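
The ordering problem discussed in this thread (a script tests request variables before it has included config.php3, which is where import_request_variables is called) can be checked for mechanically. The following is an added example, not part of the original thread or of dialup-admin: a heuristic Python scan that reports variables read above the config include. The function name, the regexes and both sample files are assumptions constructed for illustration; only the include path and the `if` snippet come from the thread.

```python
import re

# Include path as quoted in the thread; config.php3 is where dialup-admin
# calls import_request_variables, per the maintainer's reply.
CONFIG_REQUIRE = re.compile(
    r'require(?:_once)?\s*\(?\s*[\'"]\.\./conf/config\.php3[\'"]')
PHP_VAR = re.compile(r'\$([A-Za-z_]\w*)')
ASSIGNMENT = re.compile(r'\s*=(?![=>])')   # "=" but not "==", "===" or "=>"
# Names PHP populates itself, independent of register_globals.
ALWAYS_SET = {"_GET", "_POST", "_COOKIE", "_REQUEST", "_SERVER",
              "_SESSION", "_FILES", "_ENV", "GLOBALS"}


def vars_read_before_config(source):
    """Return [(line_no, name)] for variables read before the config include.

    Heuristic line scan, not a PHP parser. Returns [] when the file never
    includes config.php3, since such a file is outside this check.
    """
    assigned, findings = set(), []
    for line_no, line in enumerate(source.splitlines(), 1):
        if CONFIG_REQUIRE.search(line):
            return findings
        if line.lstrip().startswith(("//", "#", "*", "/*")):
            continue  # skip comment-only lines
        for match in PHP_VAR.finditer(line):
            name = match.group(1)
            if ASSIGNMENT.match(line, match.end()):
                assigned.add(name)       # set locally, so safe to read later
            elif name not in assigned and name not in ALWAYS_SET:
                findings.append((line_no, name))
    return []


# Constructed sample: the snippet quoted in the thread, closed and followed
# by the include, i.e. the ordering reported as broken.
SAMPLE_AFFECTED = """<?php
if ($edit_group == 1){
        header("Location: group_admin.php3?login=$group_to_edit");
        exit;
}
require('../conf/config.php3');
"""

# Constructed sample: the same code with the include moved to the top.
SAMPLE_FIXED = """<?php
require('../conf/config.php3');
if ($edit_group == 1){
        header("Location: group_admin.php3?login=$group_to_edit");
        exit;
}
"""

if __name__ == "__main__":
    print(vars_read_before_config(SAMPLE_AFFECTED))
    print(vars_read_before_config(SAMPLE_FIXED))
```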
