Return-Path: <pdontthink@angrynerds.com>
Received: from muffin ([unix socket])
	by muffin (Cyrus v2.1.13) with LMTP; Thu, 26 Jun 2003 15:35:32 -0400
X-Sieve: CMU Sieve 2.2
Return-Path: <pdontthink@angrynerds.com>
Received: from patiencehosting.net (unknown [216.65.63.39])
	by muffin.linuxnotes.net (Postfix) with ESMTP id 35A2B2493C
	for <quincy@linuxnotes.net>; Thu, 26 Jun 2003 15:35:32 -0400 (EDT)
Received: from angrynerds.com (tycho [127.0.0.1])
	by patiencehosting.net (Postfix) with SMTP
	id CAA0F3315D; Thu, 26 Jun 2003 12:27:37 -0700 (PDT)
Received: from 155.14.18.141
        (SquirrelMail authenticated user paul@angrynerds.com)
        by openguild.net with HTTP;
        Thu, 26 Jun 2003 12:27:37 -0700 (PDT)
Message-ID: <4492.155.14.18.141.1056655657.squirrel@openguild.net>
Date: Thu, 26 Jun 2003 12:27:37 -0700 (PDT)
Subject: Re: [SM-PLUGINS] Re: address group plugin
From: <pdontthink@angrynerds.com>
To: <quincy@linuxnotes.net>
In-Reply-To: <54604.192.204.186.114.1056653624.squirrel@linuxnotes.net>
References: <20030626021911.3948.qmail@web21303.mail.yahoo.com>
        <4712.68.80.54.61.1056622238.squirrel@linuxnotes.net>
        <000b01c33be4$61d61c30$1601a8c0@surfglobal.net>
        <54218.192.204.186.114.1056634932.squirrel@linuxnotes.net>
        <002401c33bf0$052a3d70$1601a8c0@surfglobal.net>
        <3541.65.246.246.82.1056639663.squirrel@www.wingfoot.org>
        <54604.192.204.186.114.1056653624.squirrel@linuxnotes.net>
X-Priority: 3
Importance: Normal
Cc: <rainbear+lists@wingfoot.org>, <paultest@surfglobal.net>,
	<squirrelmail-plugins@lists.sourceforge.net>
Reply-To: pdontthink@angrynerds.com
X-Mailer: SquirrelMail (version 1.2.11 [cvs])
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit

> Wooohooo!!
>
> Ok, I *am* still a newbie so it takes me a little while, but I believe I
> have your answer!
>
> Check /etc/php.ini and look for
>
> register_globals        =       Off
>
> Change to:
>
> register_globals        =       On
>
> and you should be golden.

Ouch.  I didn't realize this plugin wasn't compatible with rg=off.  That's
not so good.  This is a security issue, and thus many people will not be
able to set it to On.  I'm glad this came up, actually, because that is
one glaring ommission I made on the plugin documentation rewrite.  I will
be adding that to the Plugin Standards document...

Fixing it to work with rg=off isn't very hard at all, and it's definitely
something you should make as a priority for the plugin if you have the
time.  It usually boils down to putting a line like this (one for each
POST/GET variable) at the top of each file that is called from a <form>
submission:

  global $variable_name;
  sqgetGlobalVar('variable_name', $variable_name, SQ_FORM);

cheers,

  paul



