Off Topic

:

Sorry for this question, but why did you choose to host this site on aruba? It is known that there are better hosting providers... "^_^

Cause it's not so bad until they close the site

____________
Zubr sole verde cucchiaio

This not a BUG is a General Support or OFF Topic.

____________
ThE KuKa - www.phpBB-Es.COM - Custom Installations phpBB

Bicet wrote: [View Post]

Cause it's not so bad until they close the site

Yeah, but why do you wanna risk to get the site closed one day?

this is a problem, a lot of users can not modify regsiter globals off

ummmm

____________
jack of all trades, master of none
http://www.mieloma.com/ - http://www.casimedicos.com/ - http://www.egalego.com/ - http://www.casimedicos.com.es/ - http://www.medicosmir.com/

Use mod_rewrite in your hosting?

____________
ThE KuKa - www.phpBB-Es.COM - Custom Installations phpBB

Here you can't.
In Aruba's Knowledge Base there's an article in which is explained what you can and what you can't put in your .htacces...

____________
Megabass

At the moment we have found a fix for the security hole in HACKS LIST.

Since I'm not sure that it is the only problem, I'm testing an emulation of REGISTER_GLOBALS = OFF.

I'm testing this new function here... if it works, this will be added as a new patch.

The function can be found here for all that could be interested in.

http://it.php.net/manual/en/faq.mis...registerglobals

____________
Luca
SEARCH is the quickest way to get support.
Icy Phoenix ColorizeIt - CustomIcy - HON

ganesh wrote: [View Post]

Here you can't.
In Aruba's Knowledge Base there's an article in which is explained what you can and what you can't put in your .htacces...

Where is this? A link please? Can't find anything about Aruba Knowledge Base under google!

Mighty Gorgon wrote: [View Post]

At the moment we have found a fix for the security hole in HACKS LIST.

Since I'm not sure that it is the only problem, I'm testing an emulation of REGISTER_GLOBALS = OFF.

I'm testing this new function here... if it works, this will be added as a new patch.

The function can be found here for all that could be interested in.

http://it.php.net/manual/en/faq.mis...registerglobals

Code: [Download] [Hide] [Select]

Code: [Download] [Show]

<?php
// Emulate register_globals off
function unregister_GLOBALS()
{
   if (!ini_get('register_globals')) {
       return;
   }

   // Might want to change this perhaps to a nicer error
   if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS'])) {
       die('GLOBALS overwrite attempt detected');
   }

   // Variables that shouldn't be unset
   $noUnset = array('GLOBALS',  '_GET',
                     '_POST',    '_COOKIE',
                     '_REQUEST', '_SERVER',
                     '_ENV',    '_FILES');

   $input = array_merge($_GET,    $_POST,
                         $_COOKIE, $_SERVER,
                         $_ENV,    $_FILES,
                         isset($_SESSION) && is_array($_SESSION) ? $_SESSION : array());
  
   foreach ($input as $k => $v) {
       if (!in_array($k, $noUnset) && isset($GLOBALS[$k])) {
           unset($GLOBALS[$k]);
       }
   }
}

unregister_GLOBALS();

?>

thanks
ill test it

____________
jack of all trades, master of none
http://www.mieloma.com/ - http://www.casimedicos.com/ - http://www.egalego.com/ - http://www.casimedicos.com.es/ - http://www.medicosmir.com/

And from reading http://php.net/manual/en/security.globals.php one can clearly see where all the problems stem from. Especially useful to know for people coding their own scripts, not just those using phpBB(XS).

Anyway this script is not needed if you're running CTracker, and I've discovered that a similar script has been added to phpBB to... but can't remember in which version...

I'll check and I'll be more precise in the future.

____________
Luca
SEARCH is the quickest way to get support.
Icy Phoenix ColorizeIt - CustomIcy - HON