On 10/19/2005, "Paul TBBle Hampson" <[EMAIL PROTECTED]> wrote:

>On Wed, Oct 19, 2005 at 12:13:40AM +0200, Arve Seljebu wrote:
>
>> On 10/16/2005, "Arve Seljebu" <[EMAIL PROTECTED]> wrote:
>
>>>On 10/16/2005, "Paul TBBle Hampson" <[EMAIL PROTECTED]> wrote:
>
>>>>On Thu, Oct 13, 2005 at 12:34:26PM +0200, Arve Seljebu wrote:
>>>>> Package: freeradius-dialupadmin
>>>>> Version: 1.0.2-4
>>>>> Severity: normal
>
>>>>> Since freeradius-dialupadmin is developed on php3, it uses global
>>>>> variables instead of $_GET and similar.
>>>>> /usr/share/doc/freeradius-dialupadmin/README.Debian should contain
>>>>> advice about this.
>
>>>>This should not be necessary, dialup-admin calls
>>>>import_request_variables [1] during the config-reading function.
>
>>>>If you had a problem of some kind with this, please reply to this
>>>>bug with it, otherwise I'll close it as not-a-bug.
>
>>>I had some problems with this earlier, I'll turn off register_globals
>>>to see if it's still there.
>
>> I found one occurrence of this in
>> /usr/share/freeradius-dialupadmin/htdocs/user_edit.php3 on line 2:
>
>> if ($edit_group == 1){
>>         header("Location: group_admin.php3?login=$group_to_edit");
>>         exit;
>
>Excellent. _This_ looks like the actual bug to me... Try moving the
>require('../conf/config.php3');
>above this (ie, to make it the first thing in the script) and see if it
>fixes it.

Yes, the header redirect works with require above it.

>
>> And if I remember it right, there are several shortcuts to other pages
>> made like this.
>
>Grep suggests that only group_admin, group_new, user_edit and user_new
>are affected if this is the case.

Yes, I think that's right, I've changed those files with success. I'll
report if I find any other occurrences.

Regards, Arve
>
>-- 
>Paul "TBBle" Hampson, [EMAIL PROTECTED]
>8th year CompSci/Asian Studies student, ANU
>
>Shorter .sig for a more eco-friendly paperless office.
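
Added example, not part of the thread or of dialup-admin's own code: a small Python check for the ordering problem discussed above, where a script reads a request variable before `require('../conf/config.php3')` has run and so only works with register_globals on. The function name is hypothetical, and the two samples are constructed from the snippet quoted in the thread; the closing brace and the position of the `require` line in them are assumptions.

```python
import re

VAR = re.compile(r"\$([A-Za-z_][A-Za-z0-9_]*)")
ASSIGN = re.compile(r"\$([A-Za-z_][A-Za-z0-9_]*)\s*=(?![=>])")
REQUIRE = re.compile(r"\b(?:require|include)(?:_once)?\b.*conf/config\.php3")
# Always available, regardless of register_globals or import_request_variables.
BUILTIN = {"_GET", "_POST", "_COOKIE", "_REQUEST", "_SERVER",
           "_SESSION", "_FILES", "_ENV", "GLOBALS", "this"}

def reads_before_config(source):
    """Return [(line_no, variable)] for variables read above the line that
    requires conf/config.php3. Returns [] when the file never requires it,
    since this check is only about ordering."""
    findings, assigned = [], set()
    for line_no, line in enumerate(source.splitlines(), 1):
        if line.strip().startswith(("//", "#", "*", "/*")):
            continue  # crude comment skip, enough for a first pass
        if REQUIRE.search(line):
            return findings
        local = set(ASSIGN.findall(line))
        for name in VAR.findall(line):
            # Variables the script set itself are not request input.
            if name not in BUILTIN and name not in assigned and name not in local:
                findings.append((line_no, name))
        assigned |= local
    return []

# Constructed sample: user_edit.php3 as reported (check above the require).
BEFORE_FIX = """<?php
if ($edit_group == 1){
        header("Location: group_admin.php3?login=$group_to_edit");
        exit;
}
require('../conf/config.php3');
"""

# Constructed sample: the same script with require moved to the top.
AFTER_FIX = """<?php
require('../conf/config.php3');
if ($edit_group == 1){
        header("Location: group_admin.php3?login=$group_to_edit");
        exit;
}
"""

if __name__ == "__main__":
    for label, src in (("before", BEFORE_FIX), ("after", AFTER_FIX)):
        print(label, reads_before_config(src))
```

The match is a line-based heuristic, so anything it reports still needs a look at the file itself.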
