Full Disclosure mailing list archives

Additional bugs in gallery


From: full-disclosure () lists netsys com (Nicola Fankhauser)
Date: 01 Aug 2002 14:44:24 +0200

On Thu, 2002-08-01 at 13:40, avart () gmx de wrote:

# Why do you post this problem again?
Because the author of the announcement on the gallery website said:
An alternative to doing a full upgrade is to patch the files that contain
the security fix. This is relatively easy to do. All you need to do is edit these files:
errors/configmode.php
errors/needinit.php
errors/reconfigure.php
errors/unconfigured.php

That's not absolutely right...you have to patch the file:
captionator.php too!

the reason might be that until release 1.2.5 there was no such file.
only release 1.3 seems to have it.

anyway, good to know about this one too. this vulnerability shows how
dangerous it is doing serious work with register_globals = on in
php.ini. 

reasonable decision from the php developer team to default it off since
version 4.1 IIRC. the problem is only that a large existing application
base depends on it being turned on.

another problem with Gallery is that it cannot be run in safemode, which
would at least have given _some_ protection.

I don't know since when it's possible to turn off register_globals
(possibly ages) - but at least I had such a mess with my first script
because this option was turned on, so that I immediately turned it off.
the security aspect came later... :)

regards
nicola
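
The two php.ini settings named in this message can be checked mechanically. The following is an added example, not part of the original post and not code from Gallery or PHP: a small Python audit of php.ini text for `register_globals` and `safe_mode`. The sample file content is constructed, and the function names and finding strings are hypothetical; it assumes that the last occurrence of a directive in the file is the effective one.

```python
# Constructed sample php.ini text (not taken from any real server).
SAMPLE_INI = """\
[PHP]
; register_globals = Off   (commented out, must be ignored)
register_globals = On      ; legacy application depends on this
safe_mode = Off
register_globals = "on"
"""

# Words PHP accepts as boolean "true" in php.ini; anything else counts as off.
TRUE_WORDS = {"1", "on", "yes", "true"}
WATCHED = ("register_globals", "safe_mode")


def parse_ini_flags(text, names=WATCHED):
    """Return {directive: bool} for the watched directives set in text."""
    found = {}
    for raw in text.splitlines():
        # Drop ';' comments. Good enough for boolean flags, which never
        # contain a quoted ';' in their value.
        line = raw.split(";", 1)[0].strip()
        if not line or line.startswith("[") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key in names:  # directive names are case sensitive
            # Assumption: a later occurrence overrides an earlier one.
            found[key] = value.strip("\"'").lower() in TRUE_WORDS
    return found


def audit(text):
    """Return a list of findings (hypothetical labels) for one php.ini."""
    flags = parse_ini_flags(text)
    findings = []
    if "register_globals" not in flags:
        # Unset: the effective value is the default of the installed PHP.
        findings.append("register_globals=unset")
    elif flags["register_globals"]:
        findings.append("register_globals=on")
        if not flags.get("safe_mode", False):
            findings.append("safe_mode=off")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_INI):
        print(finding)
```

A value set in php.ini can still be overridden per directory by the web server configuration, so a clean result here covers only the file that was read.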
