From: Philippe M. <phi...@sq...> - 2002-03-07 10:05:23
In my opinion this problem should not be worked around but PATCHED as soon as possible. This is a major security issue and everyone should patch or upgrade their PHP. As system administrators our duty is to make our systems as secure as possible, and a workaround is only to be used when no patch is available. In this case the patch exists for all PHP versions, and MUST be used.

On the other hand, file attachments are a MUST in any serious email client. So removing that possibility is not acceptable.

I suggest that we add to the SM docs a reference to this problem in order to let new users know about this issue.

> One of the possible workarounds instead of updating PHP or patching it is
> to disable
> file_uploads = Off
> but I think that then you cannot send messages, am I right?
> I thought uploads will not work, but sending any mail also does not work
> and there is
> no error message configured.
> Why not add an error message for this situation?
>
> Thanks in advance
> Oscar
>
> >PHP Security Update
> >
> >[27-Feb-2002] Due to a security issue found in all versions of PHP
> >(including 3.x and 4.x), a new version of PHP has been released.
> >Details about the security issue are available here. All users of PHP
> >are strongly encouraged to either upgrade to PHP 4.1.2, or install the
> >patch (available for PHP 3.0.18, 4.0.6 and 4.1.0/4.1.1).
>
> --
> squirrelmail-devel mailing list
> List Address: squ...@li...
> List Info:
> https://lists.sourceforge.net/lists/listinfo/squirrelmail-devel
> http://squirrelmail.org/cvs