Auto-Logout if register_globals is on

Issue #15 resolved
Former user created an issue

Originally reported on Google Code with ID 15

```
What steps will reproduce the problem?
1. in php.ini set register_globals=On
2. Login
3. Click any link / reload

What is the expected output? What do you see instead?
I get logged out.

What version of the product are you using? On what operating system?
I use v1.8.5 on Debian Linux, php5.2.5 (cgi)
```

Reported by `ChristianSenkowski` on 2011-04-28 19:29:10

Comments (10)

  1. Former user Account Deleted

    ``` v1.8.3 not 1.8.5 :) ```

    Reported by `ChristianSenkowski` on 2011-04-28 19:30:21

  2. Former user Account Deleted

    ``` Just downloaded and tried phpliteadmin and I'm getting this problem. Only my register_globals is off. I'm running CentOS 5.5 and php 5.1.6 via fastcgi (lighttpd). ```

    Reported by `stanz3k` on 2011-05-04 17:14:09

  3. Former user Account Deleted

    ``` I'm getting this problem too... Maybe a PHP5 issue? I am running on Abyss X1 web server and getting this issue ```

    Reported by `nick.kelly.mail` on 2011-05-10 11:20:43

  4. Former user Account Deleted

    ``` I was also getting this problem until I turned register_globals off. I'm using phpliteadmin v1.8.4 with PHP v5.2.10 and Abyss Web Server v2.6. ```

    Reported by `juef17@hotmail.com` on 2011-05-22 14:47:13

  5. Dane Iracleous

    ``` You need to turn register_globals off. v1.8.5 won't let you proceed without doing so. ```

    Reported by `diracleo` on 2011-05-28 23:15:29 - Status changed: `WontFix`

  6. Former user Account Deleted

    ``` Sorry to hear that. It's a customer's webspace and there I can't remove register_globals because none of their scripts would work anymore. So for now I removed the whole authentication and added a htpasswd in this directory. ```

    Reported by `ChristianSenkowski` on 2011-06-03 06:14:05

  7. Dane Iracleous

    ``` Yeah, I would like for it to work whether register_globals is turned on or off, but I don't know how to do it. Do you have any ideas? This is definitely something to work on. ```

    Reported by `diracleo` on 2011-06-03 08:08:59 - Status changed: `Started`

  8. Former user Account Deleted

    ``` Seems to be fixed in v1.8.6? I just commented out the register_globals-warning and everything went fine - may somebody else prove this pls? Thanks for fixing btw :) ```

    Reported by `ChristianSenkowski` on 2011-06-08 12:52:30

  9. Dane Iracleous

    ``` I guess this is fixed now. If not, feel free to reopen this issue. ```

    Reported by `diracleo` on 2012-06-02 10:31:58 - Status changed: `Fixed`

  10. Christopher Kramer

    ``` Well, by default phpLiteAdmin does not allow you to work with register_globals enabled. Therefore, auto-logout is of course no issue any more ;-)

    We could think about whether we want phpLiteAdmin to work although register_globals is enabled, though.

    But I think register_globals opens lots of security problems. Therefore, I think it is not bad to force people to disable it.

    In my opinion, register_globals should have been dropped completely in PHP5 already. At last, it has been marked deprecated in PHP 5.3 and dropped in 5.4.

    So if anybody still uses it, he should really learn how to use GET/POST.

    By the way: If somebody really has old code that needs register_globals enabled, you can manually register all globals at the top of your script. See http://de.php.net/manual/en/security.globals.php#82213

    We could also allow register_globals to be enabled and manually unset all registered global variables. Lots of example functions around, e.g. this one: http://de.php.net/manual/en/security.globals.php#87101 ```

    Reported by `crazy4chrissi` on 2012-06-02 10:45:13
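
The second option mentioned in comment 10 (leave register_globals enabled and unset whatever it registered) can look like the following. This is an added example, not phpLiteAdmin code and not the function from the linked manual comment; the function name `undo_register_globals` is hypothetical.

```php
<?php
// Added example (assumption: this file is included at the very top of the
// application, before any authentication or session logic reads a variable).

function undo_register_globals()
{
    // ini_get() yields '', '0' or 'Off' when the directive is disabled, and
    // false on PHP >= 5.4, where register_globals no longer exists.
    $flag = strtolower((string) ini_get('register_globals'));
    if ($flag === '' || $flag === '0' || $flag === 'off') {
        return array();
    }

    // A request parameter named GLOBALS would let the request replace the
    // whole symbol table, so refuse to continue.
    if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS'])) {
        exit('GLOBALS overwrite attempt detected');
    }

    // The superglobals themselves must never be unset.
    $keep = array('GLOBALS', '_GET', '_POST', '_COOKIE', '_REQUEST',
                  '_SERVER', '_ENV', '_FILES', '_SESSION');

    // Every array whose keys register_globals may have turned into variables.
    $sources = array($_GET, $_POST, $_COOKIE, $_SERVER, $_ENV, $_FILES);
    if (isset($_SESSION) && is_array($_SESSION)) {
        // Only covered if a session was already started before this call.
        $sources[] = $_SESSION;
    }

    $removed = array();
    foreach ($sources as $source) {
        foreach (array_keys($source) as $name) {
            if (!in_array($name, $keep, true)
                && array_key_exists($name, $GLOBALS)) {
                // Drop the injected global; the value stays available
                // through its superglobal ($_GET['x'], $_POST['x'], ...).
                unset($GLOBALS[$name]);
                $removed[] = $name;
            }
        }
    }
    return $removed; // names that were unregistered, useful for logging
}

undo_register_globals();
```

After the call, code has to read request and session data through `$_GET`, `$_POST`, `$_COOKIE` and `$_SESSION` explicitly, which is the behaviour the application sees when register_globals is off.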
