Just a quick question, which might be of use to others who are in the same position.
I've hacked on phplib for my own application, so it is somewhat modified in various places. Upgrading phplib itself would be a little more time consuming and needs to be done carefully, but in the meantime I assume I can secure this simply by making the assignment to $PHPLIB[libdir] unconditional? Is that the full extent of the fix required?
[BTW, it would be extra nice if there was a patch file available to upgrade from earlier versions, or at least a copy of the original old distributions available for download to allow such diffs to be made. Heh, guess I should check cvs to see if that's here yet... ]
Anonymous
-
2001-07-24
Removing the conditional code around $_PHPLIB[..] completely and adding these 2 lines will plug this security hole:
$_PHPLIB = array();
$_PHPLIB["libdir"] = "";
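For anyone carrying a locally modified tree, the change discussed in this thread can be checked mechanically. The script below is an added example, not PHPLIB code and not code from either poster. It assumes the guard is an `if` around the libdir assignment and that libdir later feeds an include/require; the thread shows neither, and `example.inc` and both sample files are constructed.

```python
import re

# Assumed shapes: the thread shows neither the original guard nor the include.
ASSIGN = re.compile(r'\$_?PHPLIB\s*\[\s*["\']?libdir["\']?\s*\]\s*=(?!=)')
USE = re.compile(r'\b(?:include|require)(?:_once)?\b[^;]*?\$_?PHPLIB')
# PHP strings and comments, masked so braces and '$' inside them are ignored.
MASK = re.compile(r'''"(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*'|/\*.*?\*/|(?://|#)[^\n]*''', re.S)

def scan(src):
    """Return (src with strings/comments blanked, brace depth at each index)."""
    code = MASK.sub(lambda m: ' ' * len(m.group()), src)
    depth, d = [], 0
    for c in code:
        depth.append(d)
        d += (c == '{') - (c == '}')
    return code, depth

def libdir_assignments(src):
    """(line, unconditional?) for each libdir assignment before its first use."""
    code, depth = scan(src)
    uses = [m.start() for m in USE.finditer(src) if code[m.start()] != ' ']
    first_use = min(uses, default=len(src))
    found = []
    for m in ASSIGN.finditer(src):
        p = m.start()
        if code[p] != '$' or p > first_use:   # commented out, or too late
            continue
        before = code[:p].rstrip()
        # A new statement follows ';', '}' or the opening tag; ')' means a
        # brace-less `if (...)` still guards the assignment.
        starts_stmt = not before or before[-1] in ';}' or before.endswith('<?php')
        found.append((src.count('\n', 0, p) + 1, depth[p] == 0 and starts_stmt))
    return found

def is_fixed(src):
    """True when libdir is set unconditionally before any include uses it."""
    return any(ok for _, ok in libdir_assignments(src))

# Constructed samples: the guarded form and the two-line fix from the reply.
GUARDED = '''<?php
if (!is_array($_PHPLIB)) {
    $_PHPLIB["libdir"] = "";
}
require($_PHPLIB["libdir"] . "example.inc");
'''
PATCHED = '''<?php
$_PHPLIB = array();
$_PHPLIB["libdir"] = "";
require($_PHPLIB["libdir"] . "example.inc");
'''
```

The check covers only the libdir key; the `$_PHPLIB = array();` reset from the reply is not verified by it.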