Mail from webmaster


Yannick
01-14-2004, 12:56 PM
I have received an email from <spam sucks> telling me to quickly modify config.php! What is the problem? Is it serious?

Yannick

bdub
01-14-2004, 01:12 PM
I just now received the same email. I'd like to find out some particulars before I blindly add the code though.

Anybody know anything about it?

rayvd
01-14-2004, 01:15 PM
Hmm... it looks legit, but I think there would only be a problem if register_globals were on *gasp*. $relative_script_path could be overwritten with a form variable and you could read in files off the filesystem.

Correct?

slimjimb
01-14-2004, 01:15 PM
I have received the same email. It doesn't look right to me - I won't be making any modifications unless information is posted on this site confirming it is genuine.

Jim

rayvd
01-14-2004, 01:17 PM
Wise indeed. I think you're OK though unless you have register_globals on...

bloodjelly
01-14-2004, 01:21 PM
I just got it too, but there was no message with it, which made it look way too suspicious. Why wouldn't the webmaster tell us the reason to change the code? I'm not going to change.

rayvd
01-14-2004, 01:27 PM
Well, I just enabled register_globals on my site to see if I could overwrite $relative_script_path, but it still wouldn't work...

timepoint5
01-14-2004, 01:28 PM
edit

rayvd
01-14-2004, 01:31 PM
Well, I haven't tried the snippet, but I don't think it will shut down phpDig will it? $relative_script_path _should_ be set to either '.' or '..' (it's set in index.php or in various files in the admin/ folder to either of these values).

All this code does is ensure that the variable has not been tampered with.

Strange the way it was sent out though!
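As an added illustration of the guard rayvd describes (not phpDig's own code and not the snippet from the webmaster's email, which the thread does not reproduce): `$relative_script_path` is only ever meant to be `'.'` or `'..'`, so anything else, including a value pushed in through a request parameter when register_globals is on, is rejected before it can reach an include. The function and constant names are assumed, and the syntax is modern PHP rather than the PHP 4 of the time.

```php
<?php
// Added example, not phpDig's own code and not the snippet from the
// webmaster's email (the thread does not reproduce it). The posts above
// say $relative_script_path is set by index.php or the admin/ scripts to
// '.' or '..', and that with register_globals=On a request parameter of
// the same name could overwrite it before the value reaches an include.

// The only values the thread says are legitimate. Constant name is assumed.
const PHPDIG_ALLOWED_SCRIPT_PATHS = ['.', '..'];

// Return the value if it is one of the allowed paths; otherwise log the
// rejection and fall back to '.' so no caller-chosen path is ever included.
function validated_relative_script_path($value)
{
    if (!is_string($value) || !in_array($value, PHPDIG_ALLOWED_SCRIPT_PATHS, true)) {
        error_log('relative_script_path rejected, resetting to "."');
        return '.';
    }
    return $value;
}

// Hardened use at the top of a script: validate first, build paths after.
// ('?? null' keeps this runnable when nothing has set the variable yet.)
$relative_script_path = validated_relative_script_path($relative_script_path ?? null);
// ... followed by e.g. require_once $relative_script_path . '/config.php';

// Constructed self-check with the kinds of input the thread worries about.
if (PHP_SAPI === 'cli') {
    $cases = [
        ['.',          '.'],
        ['..',         '..'],
        [null,         '.'],   // variable never set
        ['../../etc',  '.'],   // traversal smuggled in as a request parameter
        ['/tmp',       '.'],   // absolute path
        [['.'],        '.'],   // array sent as ?relative_script_path[]=.
        ['. ',         '.'],   // near-miss with trailing space
    ];
    foreach ($cases as [$input, $expected]) {
        $got = validated_relative_script_path($input);
        printf("%-12s => %s %s\n", json_encode($input), $got,
               $got === $expected ? 'ok' : 'FAIL');
    }
}
```

Run it with `php` on the command line; every rejected input comes back as `'.'`, which is why the thread calls the fix harmless for a correctly set variable.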

timepoint5
01-14-2004, 01:31 PM
Sorry, too tired.

rayvd
01-14-2004, 01:35 PM
I think the "fix" is harmless, but also unnecessary! lol, weird...

Charter
01-14-2004, 01:38 PM
Hi. Forgive the terseness of my email. See this (http://www.phpdig.net/showthread.php?threadid=393) thread.

I also added a line of code that wasn't in the email, just for those with warnings set on high.

The fix is needed, and we don't need to be talking about it further if you know what I mean. Thanks.