Tomas Kuliavas said: > It is strongly recommended to run SquirrelMail and other PHP scripts with > register_globals turned off. Provider should turn globals only when > scripts are broken, don't work in rg=off and you can't fix those scripts. > > You can use SquirrelMail 1.4.6 in rg=on setup, but you won't pass > configtest. I'll protest, if somebody tries to make rg=on check non-fatal > in SM-1_4-STABLE branch. We are trying to prevent use of insecure > SquirrelMail and PHP setups.
A PHP coder I know had this to say: If you want to pass on my comments, tell them to stop using uninitalised variables and not to use extract($_POST) because it's almost the same as register_globals on. ------------------------------------------------------- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642 -- squirrelmail-users mailing list Posting Guidelines: http://www.squirrelmail.org/wiki/MailingListPostingGuidelines List Address: [email protected] List Archives: http://news.gmane.org/thread.php?group=gmane.mail.squirrelmail.user List Archives: http://sourceforge.net/mailarchive/forum.php?forum_id=2995 List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
