Return-Path: <paultest@surfglobal.net>
Received: from muffin ([unix socket])
	by muffin (Cyrus v2.1.13) with LMTP; Thu, 26 Jun 2003 15:56:52 -0400
X-Sieve: CMU Sieve 2.2
Return-Path: <paultest@surfglobal.net>
Received: from ms4.surfglobal.net (ms4.surfglobal.net [64.30.60.17])
	by muffin.linuxnotes.net (Postfix) with ESMTP id 0F9542493C
	for <quincy@linuxnotes.net>; Thu, 26 Jun 2003 15:56:52 -0400 (EDT)
Received: from ms4.surfglobal.net (localhost [127.0.0.1])
	by localhost (Postfix) with ESMTP
	id A4AD42023C; Thu, 26 Jun 2003 15:56:41 -0400 (EDT)
Received: by ms4.surfglobal.net (Postfix, from userid 65534)
	id 8C7AA205C4; Thu, 26 Jun 2003 15:56:41 -0400 (EDT)
Received: from ws11 (unknown [207.136.213.36])
	by ms4.surfglobal.net (Postfix) with SMTP
	id 853212023C; Thu, 26 Jun 2003 15:56:36 -0400 (EDT)
Message-ID: <00ee01c33c1d$0cf4e500$1601a8c0@surfglobal.net>
From: "paultest" <paultest@surfglobal.net>
To: <pdontthink@angrynerds.com>, <quincy@linuxnotes.net>
Cc: <squirrelmail-plugins@lists.sourceforge.net>
References: <20030626021911.3948.qmail@web21303.mail.yahoo.com>        <4712.68.80.54.61.1056622238.squirrel@linuxnotes.net>        <000b01c33be4$61d61c30$1601a8c0@surfglobal.net>        <54218.192.204.186.114.1056634932.squirrel@linuxnotes.net>        <002401c33bf0$052a3d70$1601a8c0@surfglobal.net>        <3541.65.246.246.82.1056639663.squirrel@www.wingfoot.org>        <54604.192.204.186.114.1056653624.squirrel@linuxnotes.net> <4492.155.14.18.141.1056655657.squirrel@openguild.net>
Subject: Re: [SM-PLUGINS] Re: address group plugin
Date: Thu, 26 Jun 2003 15:56:35 -0400
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1158
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
X-Spam-Status: No, hits=-13.3 required=5.5
	tests=AWL,BAYES_01,HTML_00_10,HTML_MESSAGE,QUOTED_EMAIL_TEXT,
	      REFERENCES
	autolearn=ham	version=2.50
X-Spam-Level: 
X-Spam-Checker-Version: SpamAssassin 2.50 (1.173-2003-02-20-exp)

I do have a question?

Is adding this to just the plugin abook_groups or SM wide?




> Wooohooo!!
>
> Ok, I *am* still a newbie so it takes me a little while, but I believe I
> have your answer!
>
> Check /etc/php.ini and look for
>
> register_globals        =       Off
>
> Change to:
>
> register_globals        =       On
>
> and you should be golden.

Ouch.  I didn't realize this plugin wasn't compatible with rg=off.  That's
not so good.  This is a security issue, and thus many people will not be
able to set it to On.  I'm glad this came up, actually, because that is
one glaring ommission I made on the plugin documentation rewrite.  I will
be adding that to the Plugin Standards document...

Fixing it to work with rg=off isn't very hard at all, and it's definitely
something you should make as a priority for the plugin if you have the
time.  It usually boils down to putting a line like this (one for each
POST/GET variable) at the top of each file that is called from a <form>
submission:

  global $variable_name;
  sqgetGlobalVar('variable_name', $variable_name, SQ_FORM);

cheers,

  paul




-------------------------------------------------------
This SF.Net email is sponsored by: INetU
Attention Web Developers & Consultants: Become An INetU Hosting Partner.
Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission!
INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php
--
squirrelmail-plugins mailing list
List Address: squirrelmail-plugins@lists.sourceforge.net
List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-plugins
http://squirrelmail.org/cvs


