|
Download -
PHP Reference -
Links -
Demo 1.8.9 RC1 -
API
License - Credits - Copying - Changelog - Documentation |
|
|
01-14-2004, 12:56 PM
|
#1 |
|
Green Mole
Join Date: Oct 2003
Location: Reims - France
Posts: 22
|
Mail from webmaster
I have received an email from <spam sucks> to modify quickly the config.php ! What is the problem ? Is it serious ?
Yannick |
|
|
01-14-2004, 01:12 PM
|
#2 |
|
Green Mole
Join Date: Sep 2003
Location: Central Texas
Posts: 1
|
I just now received the same email. I'd like to find out some particulars before I blindly add the code though.
Anybody know anything about it? |
|
|
|
01-14-2004, 01:15 PM
|
#3 |
|
Green Mole
Join Date: Oct 2003
Location: Mesa, AZ
Posts: 15
|
Hmm... it looks legit, but I think there would only be a problem if register_globals were on *gasp*. $relative_script_path could be overwritten with a form variable and you could read in files off the filesystem.
Correct? |
|
|
|
01-14-2004, 01:15 PM
|
#4 |
|
Green Mole
Join Date: Dec 2003
Posts: 4
|
I have received the same email. It doesn't look right to me - I won't be making any modifications unless information is posted on this site confirming it is genuine.
Jim |
|
|
|
01-14-2004, 01:17 PM
|
#5 |
|
Green Mole
Join Date: Oct 2003
Location: Mesa, AZ
Posts: 15
|
Wise indeed. I think you're OK though unless you have register_globals on...
|
|
|
|
01-14-2004, 01:21 PM
|
#6 |
|
Purple Mole
Join Date: Dec 2003
Posts: 106
|
I just got it too, but there was no message with it, which made it look way too suspicious. Why wouldn't the webmaster tell us the reason to change the code? I'm not going to change.
__________________
Foundmyself.com artist community, art galleries |
|
|
|
01-14-2004, 01:27 PM
|
#7 |
|
Green Mole
Join Date: Oct 2003
Location: Mesa, AZ
Posts: 15
|
Well, I just enabled register_globals on my site to see if I could overwrite $relative_script_path, but it still wouldn't work...
|
|
|
|
01-14-2004, 01:28 PM
|
#8 |
|
Green Mole
Join Date: Dec 2003
Posts: 2
|
edit
Last edited by timepoint5; 01-14-2004 at 01:33 PM. |
|
|
|
01-14-2004, 01:31 PM
|
#9 |
|
Green Mole
Join Date: Oct 2003
Location: Mesa, AZ
Posts: 15
|
Well, I haven't tried the snippet, but I don't think it will shut down phpDig will it? $relative_script_path _should_ be set to either '.' or '..' (it's set in index.php or in various files in the admin/ folder to either of these values).
All this code does is ensure that the variable has not been tampered with. Strange the way it was sent out though! |
|
|
|
01-14-2004, 01:31 PM
|
#10 |
|
Green Mole
Join Date: Dec 2003
Posts: 2
|
Sorry too tired
Last edited by timepoint5; 01-14-2004 at 01:36 PM. |
|
|
|
01-14-2004, 01:35 PM
|
#11 |
|
Green Mole
Join Date: Oct 2003
Location: Mesa, AZ
Posts: 15
|
I think the "fix" is harmless, but also unnecessary! lol, weird...
|
|
|
|
01-14-2004, 01:38 PM
|
#12 |
|
Head Mole
Join Date: May 2003
Posts: 2,539
|
Hi. Forgive the terseness of my email. See this thread.
I also added a line of code that wasn't in the email, just for those with warnings set on high. The fix is needed, and we don't need to be talking about it further if you know what I mean. Thanks.
__________________
Responses are offered on a voluntary if/as time is available basis, no guarantees. Double posting or bumping threads will not get your question answered any faster. No support via PM or email, responses not guaranteed. Thank you for your comprehension. |
|
|
 |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Mail problems | Brock | Coding & Tutorials | 3 | 09-25-2005 09:00 PM |
| Exécution intempestive de mail() ? - Inopportune mail() carrying out ? | philbihr | Troubleshooting | 1 | 11-16-2004 02:21 AM |
| Mail Attachments | griffinmt | Coding & Tutorials | 2 | 06-13-2004 04:21 PM |
