Date: 07/14/01
- Next message: giancarlo pinerolo: "[phplib] Re: [phplib-dev] More: security: READ THIS!"
- Previous message: giancarlo pinerolo: "[phplib] [Fwd: have a nice weekend...]"
- Next in thread: Jeff Stuart: "[phplib] Re[2]: [phplib-dev] security: READ THIS!"
- Reply: Jeff Stuart: "[phplib] Re[2]: [phplib-dev] security: READ THIS!"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Sat, 14 Jul 2001, giancarlo pinerolo wrote:
> Gosh
> with regards to this paper, named PHP Security Paper (a study in
> scarlet)...
>
> http://www.securereality.com.au/studyinscarlet.txt
>
> I always thought _PHPLIB was a defined constant, now I realize it is an
> array
> try this script please, which can override the $_PHPLIB[libdir] value.
>
> in the third input field, which overrides _PHPLIB[libdir], type '/tmp/',
> and it will include a file named 'test' there
>
> Giancarlo
[snip scripts]
This is because $_PHPLIB['libdir'] is only initialized if it isn't present.
Simply remove the if(!(is_array($_PHPLIB))) { call and it will be better.
If you don't use this functionality in prepend.php3 (eg: you have phplib
in PHP's include_path) then simply define $_PHPLIB['libdir'] as a NULL
or empty string.
Better yet, enable track_vars and disable register_globals for php, and
this won't be a problem, because your user input will be located in
$HTTP_GET_VARS['_PHPLIB']['libdir'] not in the global environment
-n
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
nathan hruby / digital statement
nathan <email protected>
http://www.dstatement.com/
Public GPG key can be found at: http://www.dstatement.com/nathan-gpg-key.txt
ED54 9A5E 132D BD01 9103 EEF3 E1B9 4738 EC90 801B
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-- Unsubscribe by mail to: phplib-unsubscribe <email protected> Command list by mail to: phplib-help <email protected>
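The guarded initialisation Giancarlo reproduces and the two fixes Nathan names, as an added example (not phplib's own code or the reproduction script); the array parameter standing in for PHP's global symbol table and the default libdir path are assumptions.

```php
<?php
// Added example, not phplib's own code. $globals is an assumed stand-in for
// PHP's global symbol table: with register_globals=On, a request carrying
// _PHPLIB[libdir]=/tmp/ pre-populates that table before prepend.php3 runs.
// The default path below is an assumption, not phplib's real default.

// Vulnerable pattern: initialise $_PHPLIB only if nothing is there yet,
// so an array that arrived with the request is silently trusted and later
// used as the directory that include() reads library files from.
function libdir_guarded(array $globals): string {
    if (!is_array($globals['_PHPLIB'] ?? null)) {
        $globals['_PHPLIB'] = array('libdir' => '/usr/local/lib/php/phplib/');
    }
    return $globals['_PHPLIB']['libdir'];
}

// Fix 1 from the reply: drop the guard and assign unconditionally, so any
// value that came in with the request is always overwritten.
function libdir_unconditional(array $globals): string {
    $globals['_PHPLIB'] = array('libdir' => '/usr/local/lib/php/phplib/');
    return $globals['_PHPLIB']['libdir'];
}

// Fix 2 from the reply: with register_globals=Off and track_vars=On the
// request data stays in $HTTP_GET_VARS / $HTTP_POST_VARS and is never
// imported into the global table, so even the guarded code only ever sees
// its own default. Here that is modelled by passing an empty global table.
function libdir_register_globals_off(array $http_get_vars): string {
    $globals = array();             // nothing from the request is imported
    return libdir_guarded($globals);
}

// Constructed request matching the reproduction: libdir pointed at /tmp/.
$request = array('_PHPLIB' => array('libdir' => '/tmp/'));

echo "guarded, register_globals on : ", libdir_guarded($request), "\n";
echo "unconditional assignment     : ", libdir_unconditional($request), "\n";
echo "guarded, register_globals off: ", libdir_register_globals_off($request), "\n";
```

Only the first call echoes the request-supplied /tmp/; the other two return the built-in default, which is the behaviour the reply is after.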