Not Known
Go Away

 --- Oden Eriksson <[EMAIL PROTECTED]>
wrote: > Hi Vincent, all
> 
> I found this the other day:
> 
>
http://archives.neohapsis.com/archives/bugtraq/2003-06/0027.html
> 
> ..., and I thought I should share this info and a
> possible fix:
> 
> --- php.ini     2003-01-06 05:40:15.000000000 +0100
> +++ php.ini.oden        2003-06-05
> 21:58:02.000000000 +0200
> @@ -191,7 +191,7 @@
>  ; This directive allows you to disable certain
> functions for security 
> reasons.
>  ; It receives a comma-delimited list of function
> names. This directive is
>  ; *NOT* affected by whether Safe Mode is turned On
> or Off.
> -disable_functions =
> +disable_functions = phpinfo
> 
>  ; Colors for Syntax Highlighting mode.  Anything
> that's acceptable in
>  ; <font color="??????"> would work.
> 
> --- php-ini.spec        2003-01-07
> 23:47:00.000000000 +0100
> +++ php-ini.spec.oden   2003-06-05
> 21:56:40.000000000 +0200
> @@ -1,6 +1,6 @@
>  Name:          php-ini
>  Version:       4.3.0
> -Release:       1mdk
> +Release:       2mdk
>  Group:         Development/Other
>  URL:           http://www.php.net
>  License:       PHP License
> @@ -51,5 +51,8 @@
>  %doc %{_docdir}/%{name}-%{version}/*
> 
>  %changelog
> +* Thu Jun 05 2003 Oden Eriksson
> <[EMAIL PROTECTED]> 4.3.0-2mdk
> +- temporary fix for the PHP XSS exploit in
> phpinfo()
> +
>  * Sat Jan  4 2003 Jean-Michel Dault
> <[EMAIL PROTECTED]> 4.3.0-1mdk
>  - New package
> 
> Chears.
> -- 
> Regards // Oden Eriksson, Deserve-IT.com
>  

__________________________________________________
Yahoo! Plus - For a better Internet experience
http://uk.promotions.yahoo.com/yplus/yoffer.html

Reply via email to