[libvirt] [PATCH] Re: Minor php errors in the libvirt search script?

Sun, 09 Jan 2011 22:48:24 -0800 

[  Cc'ing back the list ]
On Sun, Jan 09, 2011 at 03:11:29AM +1100, Justin Clift wrote:
> Hi Daniel,
> 
> Noticing these php warning's showing up in the apache libvirt.org error log:
> 
>   [Sat Jan 08 17:09:24 2011] [error] [client 64.217.19.104] PHP Notice:  
> Undefined variable: HTTP_GET_VARS in /data/www/libvirt.org/search.php on line 
> 21, referer: http://libvirt.org/formatdomain.html
>   [Sat Jan 08 17:09:24 2011] [error] [client 64.217.19.104] PHP Notice:  
> Undefined variable: HTTP_GET_VARS in /data/www/libvirt.org/search.php on line 
> 22, referer: http://libvirt.org/formatdomain.html
>   [Sat Jan 08 17:09:24 2011] [error] [client 64.217.19.104] PHP Notice:  
> Undefined variable: PHP_SELF in /data/www/libvirt.org/search.php on line 37, 
> referer: http://libvirt.org/formatdomain.html
> 
> Any idea if they're something we need to care about?

  Yup, the search php was designed in php4 time frame and those global
variables are not turned off by default for security reasons
  http://fr.php.net/manual/en/security.registerglobals.php

The following patch should fix those,

  thanks for raising the issue,

Daniel

-- 
Daniel Veillard      | libxml Gnome XML XSLT toolkit  http://xmlsoft.org/
dan...@veillard.com  | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library  http://libvirt.org/

diff --git a/docs/search.php b/docs/search.php
index bbd652a..7131062 100644
--- a/docs/search.php
+++ b/docs/search.php
@@ -18,14 +18,13 @@
     <div id="body">
       <div id="content">
 <?php
-    $query = $HTTP_GET_VARS[ "query" ];
-    $scope = $HTTP_GET_VARS[ "scope" ];
-    // We handle only the first argument so far
     $query = $_GET['query'];
+    // We handle only the first argument so far
     $query = ltrim ($query);
     if (! $query) {
         echo "<h1 align='center'>Search the documentation on Libvir.org</h1>";
     }
+    $scope = $_GET['scope"'];
     if ($scope == NULL)
         $scope = "any";
     $scope = ltrim ($scope);
@@ -34,7 +33,7 @@
 
 ?>
 <p> The search service indexes the libvirt APIs and documentation as well as 
the libvir-list@redhat.com mailing-list archives. To use it simply provide a 
set of keywords:</p>
-<form action="<?php echo "$PHP_SELF", "?query=", rawurlencode($query) ?>"
+<form action="<?php echo "$_SERVER['PHP_SELF']", "?query=", 
rawurlencode($query) ?>"
       enctype="application/x-www-form-urlencoded" method="get">
   <input name="query" type="text" size="50" value="<?php echo $query?>"/>
   <select name="scope">

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Reply via email to