Posted on: 05/16/02 02:09pm
By: Anonymous (Anonymous)
Thanks in advance.
Marc
Posted on: 05/16/02 03:18pm
By: Dirk
This sounds like yet another case of register_globals=off in your php.ini. Find that line in that file, change it to =on, restart your webserver and it should work.
bye, Dirk
Posted on: 05/31/02 08:21pm
By: amckay
What kind of effort would be involved in changing GL to work with this off? It sounds like a fairly serious issue, potentially.
Click here for details from PHP.NET[*1]
cheers,
-Alan
Posted on: 06/01/02 01:08am
By: Dirk
This has been discussed and we decided to leave it as it is and do it right in the upcoming rewrite.
I have done the necessary changes for the install script, the user preferences and the login/logout procedure and I can tell you it is a lot of work that requires lots of changes all over the place. With all theses changes, we risk introducing new bugs in places that worked before, so that's why it was decided to not make the changes in the current code base.
As for the security concerns: AFAICS you can not override Geeklog's security layer this way, so it's not really a security issue. You could, I assume, confuse Geeklog here and there but I have yet to see a case where you could, say, damage the database with this approach.
bye, Dirk