Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 28 Feb 2002 11:55:10 +0100
From:      Tobias Roth <roth@iamexwi.unibe.ch>
To:        freebsd-security@freebsd.org
Subject:   Re: PHP 4.1.1 security bug
Message-ID:  <20020228115510.A21754@klee.unibe.ch>
In-Reply-To: <"from melange"@yip.org>
References:  <DBEMKGPNFGOGJHLMDNDJMEMGGCAA.mitayai@dreamlabs.com> <"from mitayai"@dreamlabs.com> <20020227152720.G40253@yip.org>

next in thread | previous in thread | raw e-mail | index | archive | help
> On Wed, Feb 27, 2002 at 01:11:23PM -0500, Mit Rowe wrote:
> > Ref:
> > http://www.php.net
> > http://security.e-matters.de/advisories/012002.html
> 
> The advisory mentions a workaround (Recommendation) for php4
> (file_uploads in php.ini), but nothing for php3 - does anyone know if
> there is something that can be done for that besides disabling it?
> (until it's finished recompiling, I mean)

I tried this workaround, but I don't know if everything is ok:
with file_uploads = On, phpinfo() shows file_uploads = 1
with file_uploads = Off, phpinfo() shows file_uploads = no value

so is 'no value' OK? I'd rather see a 'Off' instead

cheers, T.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020228115510.A21754>