Topic Closed

Hello, I learned about gpEasy on the Make Use Of website. A user there said that because this CMS requires "register global" to be turned on, this might be a security problem that could result in the site being hijacked. They referenced this link:

http://php.net/manual/en/security.globals.php

And this specific line from that site: "This feature has been DEPRECATED as of PHP 5.3.0. Relying on this feature is highly discouraged."

I wanted to ask if the developers of gpEasy (or a knowledgeable user) have a response to this claim or has this concern been addressed in the latest release? Thanks!

10 years ago#671

Charles S
448 Posts
13.7K Downloads
2 Themes
8 Plugins

I went looking a bit for this info and found this:

http://www.gpeasy.com/index.php/Special_Forum?show=t57

I applied the htaccess mentioned in the post to my localhost install without a problem. . . but again, not my area.

 

From everything I can tell. . . when you install gpEasy it expects "Register Globals" to be OFF. At least that's what it says when I test a new install under xampplite.

I also ran across this page:

http://www.plent2do.com/

where someone clearly left an install in progress or something and as you can see gpEasy installed just fine with Globals OFF. . . as it does under xampplite on my computer ;)

Here's another post where Josh addresses installing when PHP is in safe mode:

http://www.gpeasy.com/Special_Forum?show=t47

I even checked out the two exploits that are published for pre 1.6.3 and tested them against gpeasy.com without success. . .

Nonetheless, like I said, I'm not a code expert so I can't really say anything to the security within the code but I doubt Josh would let security slide. Hopefully some of the wiser users will chime in if necessary.

10 years ago#675

cyberman
85 Posts
1.5K Downloads
1 Plugins

Version 1.7 a 3 works here without any problems too (register globals are off).

10 years ago#677

Thank you for the replies! I think I'll try out GPEasy now. One question: how do you check to see if register globals is on or off?

10 years ago#680

Charles S

gpEasy will tell you that when you install it. Otherwise I think that is up to your server administrators; however, the current default should be off on the latest PHP.

10 years ago#682

cyberman

If your provider allows this, you can modify this in your .htaccess file. Add this:

php_flag register_globals on

But like you said - it's of course a security problem.

10 years ago#685
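
An added example, not part of the thread and not gpEasy's own code: a PHP check for the register_globals setting asked about above, followed by the uninitialized-variable pattern that makes the setting a risk, next to its hardened form. The function names and the sample request array are hypothetical, and `extract()` is used as a stand-in for what register_globals did.

```php
<?php
// Added example; function names and sample data are hypothetical, not gpEasy code.

// Report the effective register_globals setting for this PHP process.
function register_globals_state()
{
    $raw = ini_get('register_globals');
    if ($raw === false) {
        return 'removed';   // directive does not exist (PHP 5.4.0 and later)
    }
    // The value may come back as "1", "", "On" or "Off" depending on where it was set.
    return filter_var($raw, FILTER_VALIDATE_BOOLEAN) ? 'on' : 'off';
}

// Emulates register_globals = on: request parameters become variables in scope,
// so a flag the script never initializes can arrive from the query string.
function is_authorized_unsafe(array $request, $logged_in)
{
    extract($request, EXTR_SKIP);   // stand-in for register_globals; existing variables win
    if ($logged_in) {
        $authorized = true;
    }
    return !empty($authorized);     // $authorized is never initialized by this code
}

// Hardened form: the flag is initialized before use and never taken from the request.
function is_authorized_safe(array $request, $logged_in)
{
    $authorized = false;
    if ($logged_in) {
        $authorized = true;
    }
    return $authorized;
}

// Constructed sample request, equivalent to a query string of ?authorized=1
$request = array('authorized' => '1');

printf("register_globals: %s\n", register_globals_state());
printf("unsafe check, not logged in: %s\n", var_export(is_authorized_unsafe($request, false), true));
printf("safe check, not logged in:   %s\n", var_export(is_authorized_safe($request, false), true));
```

The state function avoids return type declarations so it also runs on the PHP 5.x versions where the directive still exists.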
