PHP vulnerabilities?
Jim Popovitch
jimpop at yahoo.com
Sat Dec 18 04:50:42 UTC 2004
On Fri, 2004-12-17 at 23:35 -0500, Matthew Nuzum wrote:
> There are backwards compat issues. For one, php 4.2 started shipping
> with register globals off which is likely to break compatibility in a
> major way. It should be easy though to create an RPM that ships with
> register globals on.
register_globals was defaulted to off for a reason (see:
http://us2.php.net/register_globals). Besides, those willing to enable
it can do so simply in php.ini.
> However, there have been many other changes since then. In evaluating my
> response to this problem I spent a bit of time yesterday going through
> the change logs on the php.net website. The relevant changes were 27
> pages long as printed on US Letter sized paper.
27 pages is a lot. Granted I am not for adding new-func via FL, however
clearly those 27 pages represent a LOT of security/bug fixes.
-Jim P.
More information about the fedora-legacy-list
mailing list