Quick hack to get mlmmj to work in PHP 5

Quick hack to get mlmmj to work in PHP 5

[Gareth Fiford]

Quick hack to get php user and admin to work in PHP5

add the following to
/usr/share/mlmmj/contrib/web/php-admin/conf/config.php

/usr/share/mlmmj/contrib/web/php-user/mlmmj.php

$HTTP_GET_VARS = $_GET;
foreach($_GET as $key => $value) {
	$$key=$value;
}

$HTTP_POST_VARS = $_POST;
foreach($_POST as $key => $value) {
	$$key=$value;
}

Re: Quick hack to get mlmmj to work in PHP 5

[Christian Laursen]

Gareth Fiford <gareth@phporaclehosting.com> writes:

> Quick hack to get php user and admin to work in PHP5

[snip]

Or you could probably just enable register_globals in your virtual
host configuration.

-- 
Christian Laursen

Re: Quick hack to get mlmmj to work in PHP 5

[Gareth Fiford]

Register globals is a security no no

Http_post_vars depricated on favour of _POST

Same for get

Sent from my iPhone

On 7 Aug 2008, at 08:38, Christian Laursen <xi@borderworlds.dk> wrote:

> Gareth Fiford <gareth@phporaclehosting.com> writes:
>
>> Quick hack to get php user and admin to work in PHP5
>
> [snip]
>
> Or you could probably just enable register_globals in your virtual
> host configuration.
>
> -- 
> Christian Laursen
>

Re: Quick hack to get mlmmj to work in PHP 5

[Christian Laursen]

Gareth Fiford <gareth@phporaclehosting.com> writes:

> On 7 Aug 2008, at 08:38, Christian Laursen <xi@borderworlds.dk> wrote:
>
>> Gareth Fiford <gareth@phporaclehosting.com> writes:
>>
>>> Quick hack to get php user and admin to work in PHP5
>>
>> [snip]
>>
>> Or you could probably just enable register_globals in your virtual
>> host configuration.
>
> Register globals is a security no no

Yes, but disabling register_globals and implementing the same thing
yourself is just as bad (Actually I think it is worse).

-- 
Christian Laursen

Re: Quick hack to get mlmmj to work in PHP 5

[Franky Van Liedekerke]

On Thu, 07 Aug 2008 15:34:05 +0200
Christian Laursen <xi@borderworlds.dk> wrote:

> Gareth Fiford <gareth@phporaclehosting.com> writes:
> 
> > On 7 Aug 2008, at 08:38, Christian Laursen <xi@borderworlds.dk>
> > wrote:
> >
> >> Gareth Fiford <gareth@phporaclehosting.com> writes:
> >>
> >>> Quick hack to get php user and admin to work in PHP5
> >>
> >> [snip]
> >>
> >> Or you could probably just enable register_globals in your virtual
> >> host configuration.
> >
> > Register globals is a security no no
> 
> Yes, but disabling register_globals and implementing the same thing
> yourself is just as bad (Actually I think it is worse).
> 

I don't think anything that drastic is needed for the php interface.
Just change any occurence of $HTTP_GET_VARS into $_GET, $HTTP_POST_VARS
into $_POST and $HTTP_SERVER_VARS into $_SERVER. It requires some
editing, but is the best way to go. If people are not willing to do
this editing, download it from here:
http://www.e-dynamics.be/programs/php_interface.tar.gz

Franky

Re: Quick hack to get mlmmj to work in PHP 5

[Gareth Fiford]

You don't need to disable globals for this to work

No one is going to enable globals on any of my servers

As mentioned this is a complete hack

The front ends need rewriting in more modern OO php5 with may be a  
library do people can extend it

At least with my hack the evil of globals is limited to the specific  
scripts where it is implemented

Sent from my iPhone

On 7 Aug 2008, at 14:34, Christian Laursen <xi@borderworlds.dk> wrote:

> Gareth Fiford <gareth@phporaclehosting.com> writes:
>
>> On 7 Aug 2008, at 08:38, Christian Laursen <xi@borderworlds.dk>  
>> wrote:
>>
>>> Gareth Fiford <gareth@phporaclehosting.com> writes:
>>>
>>>> Quick hack to get php user and admin to work in PHP5
>>>
>>> [snip]
>>>
>>> Or you could probably just enable register_globals in your virtual
>>> host configuration.
>>
>> Register globals is a security no no
>
> Yes, but disabling register_globals and implementing the same thing
> yourself is just as bad (Actually I think it is worse).
>
> -- 
> Christian Laursen
>

Re: Quick hack to get mlmmj to work in PHP 5

[Thomas Goirand]

Gareth Fiford wrote:
> Register globals is a security no no
>
> You don't need to disable globals for this to work
>
> No one is going to enable globals on any of my servers

I would rather add a very small .htaccess or a directive in
/etc/apache2, with the proper php directive to enable register globals.
That is much much better than modifying files of a package that will be
overwritten at the next upgrade. I don't see why using "Register
globals" only for the faulty script is less safer than your hack (in
fact, your hack is even more dangerous, as it's badly written, it
forgets about things in sessions for example, so it's not fully
compatible with enabling register globals).

> Http_post_vars depricated on favour of _POST
> 
> Same for get

And both are to be avoided, it's been YEARS that I recommend using
$_REQUEST instead so you don't need to bother if the variables are
coming from GET, POST, or even the cookies.

> Sent from my iPhone

No one is going to enable an iPhone on any of my servers :)

Thomas

Re: Quick hack to get mlmmj to work in PHP 5

[Gareth Fiford]

Ps you do seem like an angry bunch, do you give this much of a hard  
time to everyone who wants to help your project?

Sent from my iPhone

On 7 Aug 2008, at 20:08, Thomas Goirand <thomas@goirand.fr> wrote:

> Gareth Fiford wrote:
>> Register globals is a security no no
>>
>> You don't need to disable globals for this to work
>>
>> No one is going to enable globals on any of my servers
>
> I would rather add a very small .htaccess or a directive in
> /etc/apache2, with the proper php directive to enable register  
> globals.
> That is much much better than modifying files of a package that will  
> be
> overwritten at the next upgrade. I don't see why using "Register
> globals" only for the faulty script is less safer than your hack (in
> fact, your hack is even more dangerous, as it's badly written, it
> forgets about things in sessions for example, so it's not fully
> compatible with enabling register globals).
>
>> Http_post_vars depricated on favour of _POST
>>
>> Same for get
>
> And both are to be avoided, it's been YEARS that I recommend using
> $_REQUEST instead so you don't need to bother if the variables are
> coming from GET, POST, or even the cookies.
>
>> Sent from my iPhone
>
> No one is going to enable an iPhone on any of my servers :)
>
> Thomas

Re: Quick hack to get mlmmj to work in PHP 5

[Thomas Goirand]

Gareth Fiford wrote:
> Ps you do seem like an angry bunch, do you give this much of a hard time
> to everyone who wants to help your project?

Do people that disagree with you always seems angry to your eyes? Thanks
for commenting the way I communicate on my project, even though I never
saw your posts in our forums or mailing lists. I didn't mean to be
aggressive, I just disagree and try to tell you my point about it, which
is the very point of such list.

If that's the way you see open source collaboration, I don't think you
got the vibe/spirit: relax! :)

Thomas

P.S: Please, shall we keep such useless message in private please