[libvirt] [PATCH] Re: Minor php errors in the libvirt search script?
[ Cc'ing back the list ] On Sun, Jan 09, 2011 at 03:11:29AM +1100, Justin Clift wrote:
Hi Daniel,
Noticing these php warning's showing up in the apache libvirt.org error log:
[Sat Jan 08 17:09:24 2011] [error] [client 64.217.19.104] PHP Notice: Undefined variable: HTTP_GET_VARS in /data/www/libvirt.org/search.php on line 21, referer: http://libvirt.org/formatdomain.html [Sat Jan 08 17:09:24 2011] [error] [client 64.217.19.104] PHP Notice: Undefined variable: HTTP_GET_VARS in /data/www/libvirt.org/search.php on line 22, referer: http://libvirt.org/formatdomain.html [Sat Jan 08 17:09:24 2011] [error] [client 64.217.19.104] PHP Notice: Undefined variable: PHP_SELF in /data/www/libvirt.org/search.php on line 37, referer: http://libvirt.org/formatdomain.html
Any idea if they're something we need to care about?
Yup, the search php was designed in php4 time frame and those global variables are not turned off by default for security reasons http://fr.php.net/manual/en/security.registerglobals.php The following patch should fix those, thanks for raising the issue, Daniel -- Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/ daniel@veillard.com | Rpmfind RPM search engine http://rpmfind.net/ http://veillard.com/ | virtualization library http://libvirt.org/
On 10/01/2011, at 5:41 PM, Daniel Veillard wrote:
[ Cc'ing back the list ] On Sun, Jan 09, 2011 at 03:11:29AM +1100, Justin Clift wrote:
Hi Daniel,
Noticing these php warning's showing up in the apache libvirt.org error log:
[Sat Jan 08 17:09:24 2011] [error] [client 64.217.19.104] PHP Notice: Undefined variable: HTTP_GET_VARS in /data/www/libvirt.org/search.php on line 21, referer: http://libvirt.org/formatdomain.html [Sat Jan 08 17:09:24 2011] [error] [client 64.217.19.104] PHP Notice: Undefined variable: HTTP_GET_VARS in /data/www/libvirt.org/search.php on line 22, referer: http://libvirt.org/formatdomain.html [Sat Jan 08 17:09:24 2011] [error] [client 64.217.19.104] PHP Notice: Undefined variable: PHP_SELF in /data/www/libvirt.org/search.php on line 37, referer: http://libvirt.org/formatdomain.html
Any idea if they're something we need to care about?
Yup, the search php was designed in php4 time frame and those global variables are not turned off by default for security reasons http://fr.php.net/manual/en/security.registerglobals.php
The following patch should fix those,
Looks pretty simple, but not sure how to test it without having putting it on a PHP server with the right bits. Guess we ACK it, and see if it works?
On Mon, Jan 10, 2011 at 11:46:58PM +1100, Justin Clift wrote:
On 10/01/2011, at 5:41 PM, Daniel Veillard wrote:
[ Cc'ing back the list ] On Sun, Jan 09, 2011 at 03:11:29AM +1100, Justin Clift wrote:
Hi Daniel,
Noticing these php warning's showing up in the apache libvirt.org error log:
[Sat Jan 08 17:09:24 2011] [error] [client 64.217.19.104] PHP Notice: Undefined variable: HTTP_GET_VARS in /data/www/libvirt.org/search.php on line 21, referer: http://libvirt.org/formatdomain.html [Sat Jan 08 17:09:24 2011] [error] [client 64.217.19.104] PHP Notice: Undefined variable: HTTP_GET_VARS in /data/www/libvirt.org/search.php on line 22, referer: http://libvirt.org/formatdomain.html [Sat Jan 08 17:09:24 2011] [error] [client 64.217.19.104] PHP Notice: Undefined variable: PHP_SELF in /data/www/libvirt.org/search.php on line 37, referer: http://libvirt.org/formatdomain.html
Any idea if they're something we need to care about?
Yup, the search php was designed in php4 time frame and those global variables are not turned off by default for security reasons http://fr.php.net/manual/en/security.registerglobals.php
The following patch should fix those,
Looks pretty simple, but not sure how to test it without having putting it on a PHP server with the right bits.
Guess we ACK it, and see if it works?
I pushed it, then someone reported errors, and I fixed those, so it should all be sorted out now :-) Daniel -- Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/ daniel@veillard.com | Rpmfind RPM search engine http://rpmfind.net/ http://veillard.com/ | virtualization library http://libvirt.org/
participants (2)
-
Daniel Veillard -
Justin Clift