On Tue, 2003-10-07 at 12:53, John Wilcox wrote:
>
> P.S. If anyone has any other ideas of how to get a PHP
> script to run as a specific user/group under a Virtual
> Host, I'm all ears.. All I need is for the script to
> be able to mkdir as a specific user/group, but this is
> proving to be more
--- Chris Shiflett <[EMAIL PROTECTED]> wrote:
> --- John Wilcox <[EMAIL PROTECTED]> wrote:
> > On the topic of passing args, can someone please
> explain to me why
> > I'm unable to use $_GET or $_POST if my php script
> is run as a .cgi?
> What you may want to do is to have the Web server
> inte
On Tuesday 07 October 2003 23:04, Ben Edwards wrote:
> Been having a problem accessing a variable that is passed on a URL.
> I've been developing PHP for years and this makes no seance.
>
> The variable I am trying to access in the script is $_section. I put
> the following code at the beginning (
Ben Edwards wrote:
what I don't understand is if $_GET is being used people can just change
the URL anyway so why is it an issue?
Ben
All that it is about that if you have code like this:
if($user=='admin' && $pwd=='secretpassword') {
$admin=true;
}
and register_globals on someone can pass
--- Ben Edwards <[EMAIL PROTECTED]> wrote:
> what I don't understand is if $_GET is being used people can just
> change the URL anyway so why is it an issue?
It is only an issue in the sense that it hides the origin of data. An attacker
can leverage this fact to exploit weaknesses in your applicat
--- John Wilcox <[EMAIL PROTECTED]> wrote:
> On the topic of passing args, can someone please explain to me why
> I'm unable to use $_GET or $_POST if my php script is run as a .cgi?
I believe this is because you are using the #! method to define the
interpreter, which means your Web server simply
> Do you have register_globals on or off? If it works in hundreds or other
> places, it should work fine.
In /etc/php4/apache/php.ini 'register_globals = On'.
This is my point, I understand about the global issue but dont have the
time to change all my code.
> Also, you can use $_REQUEST if y
you need to configure your webserver recognize .cgi as
a file to run the php interpreter against.
i.e do whatever you did to make .php work again for
.cgi
--- John Wilcox <[EMAIL PROTECTED]> wrote:
> On the topic of passing args, can someone please
> explain to me why I'm unable to use $_GET or $
On the topic of passing args, can someone please
explain to me why I'm unable to use $_GET or $_POST if
my php script is run as a .cgi? Basically, I have a
simple html input form that has:
and a simple php script in a file called test.cgi
which looks like:
#!/usr/local/bin/php
Now, if I
Chris Shiflett wrote:
You have register_globals disabled, and if you are asking this question, you
need to leave register_globals disabled. Use $_GET['_section'] to access your
variable.
But he says $REQUEST_URI works.
--
The above message is encrypted with double rot13 encoding. Any unauthorize
Ben Edwards wrote:
On Tue, 2003-10-07 at 16:14, Brad Pauly wrote:
Probably because you have register_globals turned off. You can use
$_GET['_section']. You can also turn it on.
But it works in hundreds of other places on the server. I don't really
want to use $_GET because I sometimes switch
--- Paul van Schayck <[EMAIL PROTECTED]> wrote:
> Don't tell them about that option! People are forced to script safe
> that way.
That is a bit of an exaggeration, don't you think? Leaving register_globals
disabled certainly doesn't force people to "script safe[ly]". It does, however,
force them t
--- Ben Edwards <[EMAIL PROTECTED]> wrote:
> Been having a problem accessing a variable that is passed on a URL.
This question is asked several times a week.
You have register_globals disabled, and if you are asking this question, you
need to leave register_globals disabled. Use $_GET['_section']
> Ben, with register globals off hackers can change variables you don't want
> to be changed theirself.
Don't really have time to go through all our sites and change every
variable option, then retest all the sites.
Still dont understand why everything else works. Will probably start
using $_GE
Hello,
[EMAIL PROTECTED] (Brad Pauly) wrote
> Probably because you have register_globals turned off. You can use
> $_GET['_section']. You can also turn it on.
>
> http://us3.php.net/register_globals
Don't tell them about that option! People are forced to script safe that
way.
Ben, with regis
Ben Edwards wrote:
Been having a problem accessing a variable that is passed on a URL.
I've been developing PHP for years and this makes no seance.
The variable I am trying to access in the script is $_section. I put
the following code at the beginning (before anything else apart from
echo "!
16 matches
Mail list logo
