ID: 25753 Updated by: [EMAIL PROTECTED] Reported By: [EMAIL PROTECTED] Status: Critical Bug Type: Apache related Operating System: * PHP Version: 4CVS, 5CVS New Comment:
Try the following patch: http://bb.prohost.org/ap_bug.txt Previous Comments: ------------------------------------------------------------------------ [2003-11-28 10:11:31] joris at ideeel dot nl We experience this problem, but different PHP programs are differently susceptible to it problem: extra slashes before quotation marks (\" instead of ") vulnerable: PHPsysinfo & PHPnuke not vulnerable: Squirrelmail, phpBB, phpMyAdmin Tested on RH73 standard setup. joris ------------------------------------------------------------------------ [2003-11-28 10:07:31] blitzer at cutery dot fi A workaround I did seems to work until this is fixed: make php.ini automatically prepend a .php file that will reload the variables from the .ini file. ------------------------------------------------------------------------ [2003-11-08 12:38:07] simon at implix dot com We have a similar problem. We've got overlapping virtualhosts (as they are required for one of our application) and sometimes PHP returns register_globals = Off, even though = On is set in php.ini. We are using php 4.3.4 + apache 2.0.48. The problem doesn't exist when we use php 4.3.1. ------------------------------------------------------------------------ [2003-10-30 09:35:44] fs at nessus dot at no thats false. this bug occours on apache 1.3.x too (tested it with 1.3.27). i think thats very essential... greetings, Florian Schicker www.nessus.at ------------------------------------------------------------------------ [2003-10-28 04:13:33] mattias at segerdahl dot info This bug only appears when and if you have overlapping virtualhosts in apache2. Using fqdn's that have IN A or CNAME to an ipaddress on the server seems to fix it. This is only an observation that seems to have gotten rid of the problem for me. // bad2da ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/25753 -- Edit this bug report at http://bugs.php.net/?id=25753&edit=1
