I upgraded to the latest security patch 6.1.3

CampethoMedia posted 23rd of July 2008 in Community Voice. 4 comments.

Anyone who knows if the globals is to be set to 'off' after upgrade Dolphin 6.1.2 with the security patch 6.1.3?

 
Comments
·Oldest
·Top
Please login to post a comment.
sammie
it should always be set to off,
gameutopia
Hey CampethoMedia,

Register Globals should always be off. This isn't related to dolphin but your host. If they have it set to on you are asking for trouble.

Some old scripts suggest it on, and you can do this with .htaccess or php.ini overiding your host, but this is not recommended.

If your host does have it on, you should either override it and turn it off with .htaccess or php.ini if you can. or simply find a new host. Register globals on has the posibility to inject anyscript with some see more not so good stuff.

If you want to verify your globals or learn how to turn them off try this:


http://www.dialme.com/articles/entry/SafeHTML-Remote-File-Inclusion
mshehi
I installed 6.1.3 on my 1&1 server and got nailed through remote inclusion - db.php and error.php. 1&1 says php 5.0 has register globals set to off. Does 6.1.4 take care of denying inclusion or do I need to edit some files? Thanks
mshehi
I used the fix and got the following error when I try to navigate to my site (ver. 6.1.4):

Parse error: syntax error, unexpected T_VARIABLE, expecting ',' or ';' in /homepages/8/d178253148/htdocs/michaelshehi/family/ray/modules/global/inc/content.inc.php on line 228

Any Ideas?
 
 
Below is the legacy version of the Boonex site, maintained for Dolphin.Pro 7.x support.
The new Dolphin solution is powered by UNA Community Management System.
PET:0.054326057434082