Not Known Go Away
--- Oden Eriksson <[EMAIL PROTECTED]> wrote: > Hi Vincent, all > > I found this the other day: > > http://archives.neohapsis.com/archives/bugtraq/2003-06/0027.html > > ..., and I thought I should share this info and a > possible fix: > > --- php.ini 2003-01-06 05:40:15.000000000 +0100 > +++ php.ini.oden 2003-06-05 > 21:58:02.000000000 +0200 > @@ -191,7 +191,7 @@ > ; This directive allows you to disable certain > functions for security > reasons. > ; It receives a comma-delimited list of function > names. This directive is > ; *NOT* affected by whether Safe Mode is turned On > or Off. > -disable_functions = > +disable_functions = phpinfo > > ; Colors for Syntax Highlighting mode. Anything > that's acceptable in > ; <font color="??????"> would work. > > --- php-ini.spec 2003-01-07 > 23:47:00.000000000 +0100 > +++ php-ini.spec.oden 2003-06-05 > 21:56:40.000000000 +0200 > @@ -1,6 +1,6 @@ > Name: php-ini > Version: 4.3.0 > -Release: 1mdk > +Release: 2mdk > Group: Development/Other > URL: http://www.php.net > License: PHP License > @@ -51,5 +51,8 @@ > %doc %{_docdir}/%{name}-%{version}/* > > %changelog > +* Thu Jun 05 2003 Oden Eriksson > <[EMAIL PROTECTED]> 4.3.0-2mdk > +- temporary fix for the PHP XSS exploit in > phpinfo() > + > * Sat Jan 4 2003 Jean-Michel Dault > <[EMAIL PROTECTED]> 4.3.0-1mdk > - New package > > Cheers. > -- > Regards // Oden Eriksson, Deserve-IT.com
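Review bot: The `+disable_functions = phpinfo` line in the php.ini hunk has no comment explaining why phpinfo is disabled, even though the spec changelog calls this a temporary fix. Add a comment line directly above the directive that names the phpinfo() XSS issue and says the entry can be dropped once a fixed PHP is packaged, so an administrator who finds phpinfo() unavailable can tell the setting is deliberate and knows when to revert it.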
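Review bot: The new %changelog entry in the php-ini.spec hunk says "temporary fix for the PHP XSS exploit in phpinfo()" but does not say what was changed. State the actual change, for example "disable phpinfo via disable_functions in php.ini", and cite the Bugtraq post linked at the top of the mail, so users upgrading to 4.3.0-2mdk can see that phpinfo() is now off by default and why.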