Ping, the patch (https://bugs.php.net/bug.php?id=61043) is simple and
PHP 5.3-SVN is broken when using magic_quotes_gpc. Please review and
merge.
Thanks,
Ondrej
On Thu, Feb 16, 2012 at 10:51, Steve Beattie sbeat...@ubuntu.com wrote:
Hi Kousuke,
On Thu, Feb 16, 2012 at 06:14:51PM +0900,
(12/02/16 16:24), J David wrote:
reported magic_quotes_gpc as Off/On, but magic quotes behavior started
happening anyway. Of course I just moved the configuration to the
I've also confirmed this behavior in snapshot version of PHP 5.3 (Build on Feb
16, 2012 00:30 UTC).
I tested my
Hi Kousuke,
On Thu, Feb 16, 2012 at 06:14:51PM +0900, Kousuke Ebihara wrote:
(12/02/16 16:24), J David wrote:
reported magic_quotes_gpc as Off/On, but magic quotes behavior started
happening anyway. Of course I just moved the configuration to the
I've also confirmed this behavior in
On Tue, Feb 14, 2012 at 8:35 AM, Ferenc Kovacs tyr...@gmail.com wrote:
as far as I can see the referenced fix (
http://svn.php.net/viewvc?view=revisionrevision=323016) never made to the
5.3.10 release (
http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3_10/?pathrev=323032view=log
)
On 02/15/2012 11:24 PM, J David wrote:
On Tue, Feb 14, 2012 at 8:35 AM, Ferenc Kovacs tyr...@gmail.com wrote:
as far as I can see the referenced fix (
http://svn.php.net/viewvc?view=revisionrevision=323016) never made to the
5.3.10 release (
On Thu, Feb 16, 2012 at 2:33 AM, Rasmus Lerdorf ras...@lerdorf.com wrote:
On 02/15/2012 11:24 PM, J David wrote:
The specific circumstance was that magic_quotes_gpc was being set to
off in Apache via php_flag, rather than in the .ini file. phpinfo()
reported magic_quotes_gpc as Off/On, but
Hi,
I've noticed the following CVE:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0831
PHP before 5.3.10 does not properly perform a temporary change to the
magic_quotes_gpc directive during the importing of environment variables,
which makes it easier for remote attackers to
Am 14.02.2012 14:02, schrieb Kousuke Ebihara:
Hi,
I've noticed the following CVE:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0831
PHP before 5.3.10 does not properly perform a temporary change to the
magic_quotes_gpc directive during the importing of environment
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
(12/02/14 22:07), Reindl Harald wrote:
who in the world has magic_quotes on and does rely on any
addslashes() or magic_quotes thinking this makes any query
safe against sql-injection?
without mysql_real_escape() you are completly unprotected
in
2012/2/14 Kousuke Ebihara kous...@co3k.org
Hi,
I've noticed the following CVE:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0831
PHP before 5.3.10 does not properly perform a temporary change to the
magic_quotes_gpc directive during the importing of environment variables,
Hi,
1. In PHP 5.3.10 and before, magic_quotes_gpc is disabled even if it is
enabled in php.ini.
No the vulnerability allows attackers to disable activated magic_quotes_gpc
with a remote exploit.
2. If my PHP scripts don't depend on magic quote feature, in this case, I
don't need to
11 matches
Mail list logo
