From: Alan in T. <Ala...@pu...> - 2006-03-08 15:57:20
Tomas Kuliavas said:
> It is strongly recommended to run SquirrelMail and other PHP scripts with
> register_globals turned off. Provider should turn globals only when
> scripts are broken, don't work in rg=off and you can't fix those scripts.
>
> You can use SquirrelMail 1.4.6 in rg=on setup, but you won't pass
> configtest. I'll protest, if somebody tries to make rg=on check non-fatal
> in SM-1_4-STABLE branch. We are trying to prevent use of insecure
> SquirrelMail and PHP setups.

A PHP coder I know had this to say:

If you want to pass on my comments, tell them to stop using uninitialised variables and not to use extract($_POST) because it's almost the same as register_globals on.
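
The point about `extract($_POST)` and uninitialised variables, as an added example (not part of the original message and not SquirrelMail code). The function names, the `$admins` list and the sample request array are constructed for illustration; `$post` stands in for `$_POST`.

```php
<?php
// Constructed request data standing in for $_POST (assumption for this example).
// The client has added a field the form never contained.
$post = ['username' => 'alice', 'is_admin' => '1'];

// Hypothetical list of privileged accounts.
$admins = ['root'];

// Pattern the message warns about: $is_admin is never initialised, and
// extract() imports every request key as a local variable. The effect is
// the same as running with register_globals=on.
function check_with_extract(array $post, array $admins): bool
{
    extract($post);                       // creates $username AND $is_admin
    if (isset($username) && in_array($username, $admins, true)) {
        $is_admin = true;
    }
    return !empty($is_admin);             // value came from the request
}

// Hardened form: every variable is initialised before use, and only the
// named keys the script expects are read from the request.
function check_explicit(array $post, array $admins): bool
{
    $is_admin = false;
    $username = (isset($post['username']) && is_string($post['username']))
        ? $post['username']
        : '';
    if (in_array($username, $admins, true)) {
        $is_admin = true;
    }
    return $is_admin;
}

// The same request yields different decisions in the two versions.
var_dump(check_with_extract($post, $admins));
var_dump(check_explicit($post, $admins));
```

Passing `EXTR_SKIP` to `extract()` only protects variables that already exist, so it does not help when the variable was never initialised in the first place.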