Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived General Discussion CI is insecure with Register Globals enabled
CI is insecure with Register Globals enabled
  • El Forum
    Unregistered
  •  
#3
10-10-2007, 01:49 PM

[eluser]Jon L[/eluser]
re: misnomer - that may be, but my thought is that CI should make sure variables are being filled by CI, and not possibly passed via the URL (CI should be initializing all variables properly so they can't be filled by _REQUEST when not appropriate)

as for 0 vs off, i believe it's just a boolean value, so whichever works.

using ini_set won't work, as it would go into effect too late. also, using php flag values in htaccess usually doesn't work for SuPHP/PHPSuExec installs. (with SuPHP, it's actually possible to pass a different flag to achieve the same result)


btw, CodeCrafter looks interesting, just found it via your signature.


Messages In This Thread
CI is insecure with Register Globals enabled - by El Forum - 10-10-2007, 12:32 PM
CI is insecure with Register Globals enabled - by El Forum - 10-10-2007, 01:37 PM
CI is insecure with Register Globals enabled - by El Forum - 10-10-2007, 01:49 PM
CI is insecure with Register Globals enabled - by El Forum - 10-13-2007, 12:05 AM



Theme © iAndrew 2016 - Forum software by © MyBB