Closed GoogleCodeExporter closed 9 years ago
v1.8.3 not 1.8.5 :)
Original comment by Christia...@gmail.com
on 28 Apr 2011 at 7:30
Just downloaded and tried phpliteadmin and I'm getting this problem. Only my
register_globals is off. I'm running CentOS 5.5 and php 5.1.6 via fastcgi
(lighttpd).
Original comment by stan...@gmail.com
on 4 May 2011 at 5:14
I'm getting this problem too... Maybe a PHP5 issue? I am running on Abyss X1
web server and getting this issue
Original comment by nick.kel...@gmail.com
on 10 May 2011 at 11:20
I was also getting this problem until I turned register_globals off. I'm using
phpliteadmin v1.8.4 with PHP v5.2.10 and Abyss Web Server v2.6.
Original comment by jue...@hotmail.com
on 22 May 2011 at 2:47
You need to turn register_globals off. v1.8.5 won't let you proceed without
doing so.
Original comment by daneirac...@gmail.com
on 28 May 2011 at 11:15
Sorry to hear that. Its a customers webspace and there i cant remove
register_globals because none of their scripts would work anymore. So for now I
removed the whole authentication and added a htpasswd in this directory.
Original comment by Christia...@gmail.com
on 3 Jun 2011 at 6:14
Yeah, I would like for it to work whether register_globals is turned on or off,
but I don't know how to do it. Do you have any ideas? This is definitely
something to work on.
Original comment by daneirac...@gmail.com
on 3 Jun 2011 at 8:08
[deleted comment]
Seems to be fixed in v1.8.6 ? I just commented out the register_globals-warning
and everything went fine - may somebody else proof this pls ? Thanks for fixing
btw :)
Original comment by Christia...@gmail.com
on 8 Jun 2011 at 12:52
I guess this is fixed now. If not, feel free to reopen this issue.
Original comment by daneirac...@gmail.com
on 2 Jun 2012 at 10:31
Well, by default phpLiteAdmin does not allow you to work with register_globals
enabled. Therefore, auto-logout is of course no issue any more ;-)
We could think about whether we want phpLiteAdmin to work although
register_globals is enabled, though.
But I think register_globals opens lots of security problems. Therefore, I
think it is not bad to force people to disable it.
In my opinion, register_globals should have been dropped completely in PHP5
already. At last, it has been marked deprecated in PHP 5.3 and dropped in 5.4.
So if anybody still uses it, he should really learn how to use GET/POST.
By the way: If somebody really has old code that needs register_globals
enabled, you can manually register all globals at the top of your script. See
http://de.php.net/manual/en/security.globals.php#82213
We could also allow register_globals to be enabled and manually unset all
registered global variables. Lots of example functions around, e.g. this one:
http://de.php.net/manual/en/security.globals.php#87101
Original comment by crazy4ch...@gmail.com
on 2 Jun 2012 at 10:45
Original issue reported on code.google.com by
Christia...@gmail.com
on 28 Apr 2011 at 7:29