From: Stefan <ste...@im...> - 2006-01-12 21:18:30
|
On Do, 12.01.2006, 08:51, Tomas Kuliavas wrote: > >>>> Hello, >>>> >>>> >>>> >>>> here are the system details you asked for: >>>> >>>> SquirrelMail configtest >>>> This script will try to check some aspects of your SquirrelMail >>>> configuration and point you to errors whereever it can find >>> them. You need >>>> to go run conf.pl in the config/ directory first before you run >>> this> script. >>>> >>>> SquirrelMail version: 1.4.5 >>>> Config file version: 1.4.0 >>>> Config file last modified: 08 January 2006 12:37:10 >>>> >>>> >>>> >>>> >>>> Checking PHP configuration... >>>> PHP version 4.4.1 OK. >>>> >>> >>> message should be 'NOT OK' >>> >>> are you sure that PHP 4.4.1 issues are fixed? * >>> http://bugs.php.net/bug.php?id=35067 >>> * http://bugs.php.net/bug.php?id=35700 >>> * all other things broken by security fixes and updates >>> >>> >>> Please make sure that you can reproduce same issues in other php >>> version. ... >>> >>>> "PHP register_global": DON'T KNOW HOW TO GET THESE INFORMATION >>>> >>> >>> http://www.squirrelmail.org/wiki/TestPHPSettings >>> >> Hello, >> >> >> I don't know if I can upgrade my PHP installation because it is >> installed >> on something like an embedded linux (www.pynix.org) with some specials >> (www.collax.com). It uses a lot of free software but there are some >> special modifications. I searched for upgrading PHP in the forum of the >> manufacturer but there some issues for this. >> >> But I implemented the phpinfo function and have now a large page with a >> lot of information you can see below. Hoping it's useful for you for >> giving me some hints. >> >> Thank you. >> >> >> Stefan. >> >> >> PHP Version 4.4.1 >> >> >> System Linux cbs 2.4.31 #1 Thu Dec 15 09:29:52 CET 2005 i686 >> Build Date Dec 15 2005 10:01:25 >> Configure Command './configure' >> '--with-apxs=/AppKit/common/web/apache/AppKit/install.apache/usr/sbin/apx >> s' '--prefix=/usr' '--sysconfdir=/etc' '--enable-discard-path' >> '--enable-shared' '--disable-static' '--enable-bcmath' >> '--enable-calendar' '--enable-dba=shared' '--enable-dbase' >> '--enable-ftp' >> '--enable-gd-native-ttf' '--enable-ucd-snmp-hack' '--enable-tokenizer' >> '--enable-inline-optimization' '--enable-sockets' '--enable-fastcgi' >> '--with-config-file-path=/etc' '--with-openssl=/usr' '--with-zlib' >> '--with-jpeg-dir=/usr' '--with-gdbm' '--with-gd=shared,/usr' >> '--with-png-dir=/usr' '--with-freetype-dir=/usr' '--with-hyperwave' >> '--with-mysql=shared,/usr' '--with-pgsql=shared,/usr' '--with-mm' >> '--with-snmp=shared,/usr' '--with-expat-dir=/usr' '--with-pic' >> '--with-ldap=shared,/usr' '--with-mhash=shared,/usr' '--enable-mbstring' >> '--enable-mbregex' '--with-imap=/usr/lib/imap/' > ... >> register_globals On On > ... > > go to squirrelmail directory > create file name .htaccess > put following text (without dashes) in that file > ---- > php_flag register_globals off > ---- > > try testing configuration one more time. Line with register_globals should > look 'register_globals Off On'. If you get apache error page, delete > .htaccess file. You will have to turn off globals in php.ini file or > apache configuration. Please note that running php with globals turned on > is dangerous. If scripts are coded for rg=off setups, they might have > problems in rg=on setups when developers don't take into account rg=on > specifics. SquirrelMail should be able to run in rg=off setups since 1.3.0 > and 1.2.9. Some recent SquirrelMail security issues are specific only to > register_globals = on. > > See also > https://sourceforge.net/tracker/index.php?func=detail&aid=1304408&group_id=311&atid=423679. > There is a patch posted on tracker that solves some mailbox caching > issues. > > Please don't top post. > Tried your hint with .htaccess. It didn't change the settings and there was no appache error. So I changed the setting in php.ini. The result is now 'register_globals Off Off'. With this setting, some plugins are now working fine, i. e. notes, select_range or newmail (option item can now be viewed and edited every time). And now I can read more messages but there are some unreadables, too. And the unreadable ones are mostly the newest ones. Even locally sent mails are unreadable! But when I use the answer button I can read the originally unreadable mails. It's confusing to me. I don't know what to do with the patch. The pynix based system does not have the patch program -- This mail was scanned by AntiVir MailGate. This product is licensed for non-commercial use. See http://www.antivir.de/ for details. |