From: Brent B. <bb...@pe...> - 2002-03-30 02:39:43
|
So far it's been treating me fine. I upgraded to it immediately when I heard about the security hole in earlier releases. If memory serves, the default php.ini file is slightly different. In 4.1.2, by default, you find: allow_call_time_pass_reference = Off In the SM 1.2.5 install I had goin' I noticed that the bit of code for reporting message bodies that couldn't be displayed properly broke under 4.1.2 with this setting off. (working from memory here) I *think* that when I turned this on I could report message bodies but not with the allow_call_time_pass_reference setting on. I didn't have time to look at the CVS version to see if it had the same problem or if it'd already been fixed. And I haven't run across any other message bodies I couldn't display in SM 1.2.5 :-) Brent > On Thu, 2002-03-21 at 16:37, Caribe Schreiber wrote: >> Hey Guys! >> >> I fixed my vadmin problem by going back to php-4.0.6. I've heard >> that SM 1.2.5 is kosher with php-4.1.2, but I tried installing it and >> couldn't make vadmin work with it. I just patched the source for >> php-4.0.6 to get rid of the file upload insecurity (I'd suggest that >> everyone do it...IIRC having a hole that'll allow arbitrary code >> execution is bad) and everyting's ok again. I was just wondering if >> the problem is something intrinsic to my setup or if it's a bug in >> php/sm/vadmin. > > Yes, vadmin doesn't work with 4.1.x because they broke^H^H^H^H^H > changed the way sessions are handled. I am going to see if I can make > an > official fix for this some time soonish... > > Regards, > -- > 0> Konstantin ("Icon") Riabitsev > / ) Duke University Physics Sysadmin > ~ www.duke.edu/~icon/pubkey.asc ----------------------------------------- Persistence Software Inc. 1720 South Amphlett Blvd. Third Floor San Mateo, CA 94402 |