View Issue Details

ID: 0001185
Project: Main CAcert Website
Category: misc
View Status: public
Last Update: 2013-11-03 21:25
Reporter: lp.algarvio
Assigned To: BenBE
Priority: normal
Severity: minor
Reproducibility: always
Status: closed
Resolution: duplicate
Platform: Main CAcert Website
OS: N/A
OS Version: stable
Product Version: 2013 Q2
Target Version: 2013 Q3
Fixed in Version: 2013 Q3
Summary: 0001185: register globals

Description: As you may know by now, register_globals is insecure and deprecated in newer versions of PHP.

Moreover, since PHP 5.4.0, it has been removed.

The code needs to be updated.
Additional Information: Fairly simple, at least till my current debugging.

In cacert/includes/general.php

replace
    session_register("_config");
    session_register("profile");
    session_register("signup");
    session_register("lostpw");
// if($_SESSION['profile']['id'] > 0)
// session_regenerate_id();

with
    $_SESSION['_config'] = '';
    $_SESSION['profile'] = '';
    $_SESSION['signup'] = '';
    $_SESSION['lostpw'] = '';
Tags: No tags attached.
Reviewed by
Test Instructions

Relationships

duplicate of 0001176 (closed, BenBE): Fix Deprecation messages due to PHP update

Activities

BenBE

2013-07-02 19:17

updater   ~0004090

Your patch is incomplete and lacks the proper types for the _config and profile variables. Please use the patch provided for bug 0001176 to avoid issues with the session management.
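
The type problem raised in note ~0004090, as an added example (not CAcert code and not the patch from 0001176): unconditional string assignments replace session data that session_start() has already restored, and leave `profile` as a string where `$_SESSION['profile']['id']` expects an array. Assumptions: general.php is included on every request, `_config` and `profile` are arrays, and the guarded initializer and sample values are constructed for illustration.

```php
<?php
// Added example, not CAcert code. Key names are from the issue; array types
// for _config and profile are assumed from note ~0004090.

// The replacement proposed in the issue, run on every include of general.php.
function init_session_proposed(array &$session)
{
    $session['_config'] = '';
    $session['profile'] = '';
    $session['signup']  = '';
    $session['lostpw']  = '';
}

// Guarded variant (assumption): create a key only when it is missing or has
// the wrong type, so data restored by session_start() survives.
function init_session_guarded(array &$session)
{
    foreach (['_config', 'profile'] as $key) {
        if (!isset($session[$key]) || !is_array($session[$key])) {
            $session[$key] = [];
        }
    }
    foreach (['signup', 'lostpw'] as $key) {
        if (!isset($session[$key])) {
            $session[$key] = '';
        }
    }
}

// The check from the commented-out line in general.php, written defensively.
function is_logged_in(array $session)
{
    return isset($session['profile']['id']) && $session['profile']['id'] > 0;
}

// Constructed session data for a logged-in user (stands in for $_SESSION).
$restored = ['profile' => ['id' => 42], '_config' => ['language' => 'en']];

$proposed = $restored;
init_session_proposed($proposed);

$guarded = $restored;
init_session_guarded($guarded);

echo 'proposed: profile is array = ', var_export(is_array($proposed['profile']), true), "\n";
echo 'proposed: logged in        = ', var_export(is_logged_in($proposed), true), "\n";
echo 'guarded:  logged in        = ', var_export(is_logged_in($guarded), true), "\n";
```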

NEOatNHNG

2013-07-23 20:31

administrator   ~0004181

Should be solved now because 0001176 is in production

Issue History

Date Modified Username Field Change
2013-07-02 03:10 lp.algarvio New Issue
2013-07-02 03:10 lp.algarvio Additional Information Updated
2013-07-02 19:08 BenBE Relationship added duplicate of 0001176
2013-07-02 19:17 BenBE Note Added: 0004090
2013-07-02 19:17 BenBE Assigned To => BenBE
2013-07-02 19:17 BenBE Severity crash => minor
2013-07-02 19:17 BenBE Status new => fix available
2013-07-02 19:17 BenBE Resolution open => duplicate
2013-07-02 19:17 BenBE Category => misc
2013-07-23 20:31 NEOatNHNG Note Added: 0004181
2013-07-23 20:31 NEOatNHNG Status fix available => solved?
2013-07-23 22:02 INOPIAE Fixed in Version => 2013 Q3
2013-07-23 22:02 INOPIAE Target Version => 2013 Q3
2013-11-03 21:25 INOPIAE Status solved? => closed