From: <php...@li...> - 2002-11-17 17:24:57
> I noticed some strangeness while coding today.

Update: I reinstalled phpWS at work without a problem. After a little research, I found out this is an old issue. Multipart forms had security issues in < 4.1.2. This version was a bug fix for a security issue. I believe I might have file_uploads disabled at my home station but it is odd that the form is destroyed instead of just not allowing the file transfer.

In any case, I need a recommendation. Should setup check for a deactivated file_uploads setting? Should we code forms to check this variable before adding the multipart parameter? Should we force a version check > 4.2.2 (the secure version)?

Personally, I am going to vote +1 for 4.2.2 or higher. I don't want to support a version that can be hacked just as we are releasing our newest code. The downside is, of course, the groaning of people we force to upgrade. I would also perform a check on the file_upload setting during install.

Let me hear what you think.

Matt

Matthew McNaney
Internet Systems Architect
Electronic Student Services
Email: ma...@tu...
URL: http://phpwebsite.appstate.edu
Phone: 828-262-6493
ICQ: 141057403