retitle 508026 register_globals on is not supported
thanks

Hi,

Thank you Giuseppe for your work; however, please do not upload it as it 
doesn't address the root cause.

> Note that the vulnerability can only be exploited when register_globals=on 
> (which is the default in /etc/phppgadmin/apache.conf).

Requiring register_globals on is not acceptable for software we support.

As it seems, upstream has already supported running in register_globals=0 mode 
for a long time (according to their changelog since 2002...). Therefore I 
guess this bug would be fixed if the statement turning register_globals on 
was removed from the Apache configuration file. Of course this does need some 
thorough testing.

When doing that, including the fix from this bug report as well is a good idea 
since it can't hurt and will provide some extra protection for those running 
unsafe setups.



cheers,
Thijs
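
A check for the configuration statement discussed in the message above, as an added example that is not part of the original mail or of the phppgadmin package: a shell function that reports uncommented Apache directives turning register_globals on in the files it is given. The function name and the sample file are constructed for illustration; treating `On` and `1` (case-insensitive) as the enabling values is an assumption of this sketch.

```shell
#!/bin/sh
# Added example: report Apache config lines that enable PHP's register_globals.
# Usage: find_register_globals_on FILE...
# Prints "file:line: directive" per hit; returns 0 if any hit, 1 if none.
find_register_globals_on() {
    rc=1
    for f in "$@"; do
        [ -r "$f" ] || continue
        if awk -v file="$f" '
            {
                sub(/^[ \t]+/, "")            # drop leading indentation
                if ($0 ~ /^#/) next           # skip commented-out directives
                d = tolower($1); k = tolower($2); v = tolower($3)
                gsub(/"/, "", v)              # allow a quoted value
                # Assumption: "on" and "1" are the values that enable the setting.
                if (d ~ /^php_(admin_)?(flag|value)$/ &&
                    k == "register_globals" && (v == "on" || v == "1")) {
                    printf "%s:%d: %s\n", file, NR, $0
                    hit = 1
                }
            }
            END { exit !hit }
        ' "$f"; then
            rc=0
        fi
    done
    return "$rc"
}

# Constructed sample input (not the packaged /etc/phppgadmin/apache.conf).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample
<IfModule mod_php5.c>
  php_flag register_globals on
  # php_flag register_globals on
  php_flag magic_quotes_gpc off
</IfModule>
EOF
find_register_globals_on "$sample" || echo "no enabling directive found"
rm -f "$sample"
```

Per-directory overrides such as .htaccess files can carry the same directives, so they need to be passed to the function as well.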
