From: <php...@li...> - 2002-11-18 19:10:26
+1 on requiring php v4.2.2, I think this is definitely a much better approach than putting in code to patch a vulnerable version of php.

Steven

>> I noticed some strangeness while coding today.
>
> Update: I reinstalled phpWS at work without a problem.
>
> After a little research, I found out this is an old issue. Multipart
> forms had security issues in < 4.1.2. This version was a bug fix for a
> security issue.
>
> I believe I might have file_uploads disabled at my home station but it
> is odd that the form is destroyed instead of just not allowing the file
> transfer.
>
> In any case, I need a recommendation.
>
> Should setup check for a deactivated file_uploads setting?
>
> Should we code forms to check this variable before adding the multipart
> parameter?
>
> Should we force a version check > 4.2.2 (the secure version)?
>
> Personally, I am going to vote +1 for 4.2.2 or higher. I don't want to
> support a version that can be hacked just as we are releasing our newest
> code. The downside is, of course, the groaning of people we force to
> upgrade. I would also perform a check on the file_upload setting during
> install.
>
> Let me hear what you think.
> Matt
>
> Matthew McNaney
> Internet Systems Architect
> Electronic Student Services
> Email: ma...@tu...
> URL: http://phpwebsite.appstate.edu
> Phone: 828-262-6493
> ICQ: 141057403
>
> _______________________________________________
> Phpwebsite-developers mailing list
> Php...@li...
> https://lists.sourceforge.net/lists/listinfo/phpwebsite-developers

--
Steven Levin
Electronic Student Services
Appalachian State University
Phone: 828.262.2431
PhpWebsite Development Team
URL: http://phpwebsite.appstate.edu
Email: st...@NO...
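
The three checks raised in this thread (minimum PHP version, the file_uploads setting at install time, and only adding the multipart parameter when uploads are enabled), sketched as an added example. This is not phpWebSite code and was not written by either poster; the function names are hypothetical, the minimum version is the one voted for above, and the sample inputs are constructed.

```php
<?php
// Added illustration; function names are hypothetical, not phpWebSite code.

// Minimum version taken from the thread's vote ("4.2.2 or higher").
define('MIN_PHP_VERSION', '4.2.2');

// ini_get() returns "1" or "" for flags set in php.ini, but can return the raw
// string ("Off", "false", "0") when the flag was set some other way.
function ini_flag_enabled($raw)
{
    if ($raw === false || $raw === null) {
        return false; // directive unknown to this PHP build
    }
    $value = strtolower(trim((string) $raw));
    return !in_array($value, array('', '0', 'off', 'false', 'no', 'none'), true);
}

// Returns a list of problems for the installer to display; empty means pass.
function setup_preflight($phpVersion, $fileUploadsRaw)
{
    $problems = array();
    if (version_compare($phpVersion, MIN_PHP_VERSION, '<')) {
        $problems[] = "PHP $phpVersion is older than required " . MIN_PHP_VERSION;
    }
    if (!ini_flag_enabled($fileUploadsRaw)) {
        $problems[] = 'file_uploads is disabled; file upload forms will not work';
    }
    return $problems;
}

// Only emit the multipart enctype when uploads can actually work.
function form_open_tag($action, $wantsUpload, $fileUploadsRaw)
{
    $enctype = ($wantsUpload && ini_flag_enabled($fileUploadsRaw))
        ? ' enctype="multipart/form-data"' : '';
    return '<form method="post" action="'
        . htmlspecialchars($action, ENT_QUOTES) . '"' . $enctype . '>';
}

// Constructed sample inputs; a real installer would pass PHP_VERSION
// and ini_get('file_uploads') instead.
foreach (array(array('4.1.1', '1'), array('4.2.2', ''), array('4.3.0', 'On')) as $case) {
    list($version, $flag) = $case;
    $problems = setup_preflight($version, $flag);
    echo "$version / file_uploads='$flag': "
        . ($problems ? implode('; ', $problems) : 'ok') . "\n";
}
echo form_open_tag('index.php', true, 'Off') . "\n";
```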