PDA

View Full Version : Mail from webmaster


Yannick
01-14-2004, 01:56 PM
I have received an email from <spam sucks> to modify quickly the config.php ! What is the problem ? Is it serious ?

Yannick

bdub
01-14-2004, 02:12 PM
I just now received the same email. I'd like to find out some particulars before I blindly add the code though.

Anybody know anything about it?

rayvd
01-14-2004, 02:15 PM
Hmm... it looks legit, but I think there would only be a problem if register_globals were on *gasp*. $relative_script_path could be overwritten with a form variable and you could read in files off the filesystem.

Correct?

slimjimb
01-14-2004, 02:15 PM
I have received the same email. It doesn't look right to me - I won't be making any modifications unless information is posted on this site confirming it is genuine.

Jim

rayvd
01-14-2004, 02:17 PM
Wise indeed. I think you're OK though unless you have register_globals on...

bloodjelly
01-14-2004, 02:21 PM
I just got it too, but there was no message with it, which made it look way too suspicious. Why wouldn't the webmaster tell us the reason to change the code? I'm not going to change.

rayvd
01-14-2004, 02:27 PM
Well, I just enabled register_globals on my site to see if I could overwrite $relative_script_path, but it still wouldn't work...

timepoint5
01-14-2004, 02:28 PM
edit

rayvd
01-14-2004, 02:31 PM
Well, I haven't tried the snippet, but I don't think it will shut down phpDig will it? $relative_script_path _should_ be set to either '.' or '..' (it's set in index.php or in various files in the admin/ folder to either of these values).

All this code does is ensure that the variable has not been tampered with.

Strange the way it was sent out though!

timepoint5
01-14-2004, 02:31 PM
Sorry too tired

rayvd
01-14-2004, 02:35 PM
I think the "fix" is harmless, but also unnecessary! lol, weird...

Charter
01-14-2004, 02:38 PM
Hi. Forgive the terseness of my email. See this (http://www.phpdig.net/showthread.php?threadid=393) thread.

I also added a line of code that wasn't in the email, just for those with warnings set on high.

The fix is needed, and we don't need to be talking about it further if you know what I mean. Thanks.