| Author |
Message |
mastrb0y
New Member
Joined: Feb 17, 2005
Posts: 7
|
 Posted:
Thu Feb 17, 2005 2:42 am |
|
Having som problems with Nuke 7.6 patched 2.8 with sentinel and protector installed,
Upgraded gallery 1.4.4pl6 to 1.5rc1, turned off globals since gallery would not work with it on (could not fetch the userdb of nuke)
But when i turned globals off my sentinel http auth dosen't work, ways to fix this?
Are there any others problems with having globals off? |
| |
|
|
|
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 17088
|
| Posted:
Thu Feb 17, 2005 6:28 am |
|
For a site with register_globals turned off use CGIAuth instead. That way it is called from the .htaccess file and provides server level protection for your admin.php file |
| |
|
|
|
|
mastrb0y
|
| Posted:
Thu Feb 17, 2005 6:50 am |
|
i'll try that, have tried cgiauth before but could not get it to work (thats why i used http auth) , but will try again, and read a little more in the forums |
| |
|
|
|
|
Raven
|
| Posted:
Thu Feb 17, 2005 6:54 am |
|
|
|
|
|
sixonetonoffun
Spouse Contemplates Divorce
Joined: Jan 02, 2003
Posts: 2496
|
| Posted:
Thu Feb 17, 2005 7:27 am |
|
What I did was change the gallery init.php so it doesn't unset globals. This may not be as secure but it allows it to run with globals turned on.
Code:
// Hack prevention.
$register_globals = @ini_get('register_globals');
if (!empty($register_globals) && !eregi("no|off|false", $register_globals)) {
foreach (array_keys($_REQUEST) as $key) {
addslashes($key);
}
}
|
|
_________________
[b][size=5]openSUSE 11.4-x86 | Linux 2.6.37.1-1.2desktop i686 | KDE: 4.6.41>=4.7 | XFCE 4.8 | AMD Athlon(tm) XP 3000+ | MSI K7N2 Delta-L | 3GB Black Diamond DDR
| GeForce 6200@433Mhz 512MB | Xorg 1.9.3 | NVIDIA 270.30[/size:2b8 |
|
|
|
|
mastrb0y
|
| Posted:
Thu Feb 17, 2005 7:43 am |
|
Added a new configuration option to bypass our register_globals emulation. (Using this option will NOT be supported, but since some people absolutely require it, we've added it.)
fixed in RC1-cvs-b8
Maybe this will fix it, i reported my problem to menalto also, and they removed my post and added this fix.. will try it out 
will also read http://www.ravenphpscripts.com/postt2950.html if i can't get cgi to work
thnx for your help |
| |
|
|
|
|
mastrb0y
|
| Posted:
Mon Feb 21, 2005 2:01 am |
|
new bug, sentinel 2.1.3 and gallery 1.4.4pl6
When filters are enabled i get blocked when try to hide/unhide pictures in gallery. |
| |
|
|
|
|
Raven
|
| Posted:
Mon Feb 21, 2005 3:38 am |
|
Does the Query String containg &cmd ? |
| |
|
|
|
|
mastrb0y
|
| Posted:
Tue Mar 01, 2005 6:26 am |
|
User Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107
Firefox/1.0
Query String:
modules.php?cmd=highlight&index=1&set_albumName=album74&type=popup&op=modload&name=gallery&file=index&include=do_command.php
Forwarded For: none
Client IP: none
Remote Address: 10.0.0.254
Remote Port: 2987
Request Method: GET
thats all i know of the string
anyway to put that command in a safe list or equal? (bypassing it without turning of filter in sentinel?) |
| |
|
|
|
|
Raven
|
| Posted:
Tue Mar 01, 2005 9:51 am |
|
|
|
|
|
mastrb0y
|
| Posted:
Wed Mar 02, 2005 2:20 am |
|
sorry, i did not STF  |
| |
|
|
|
|
mastrb0y
|
| Posted:
Wed Mar 02, 2005 3:35 am |
|
another weird thing.
I got CGIauth to work, but had the info that supposed to be in .htaccess about <files>blablabla</files>
would only work when i put it in httpd.conf and restartet the service, any tips on fixing this?
could it be the nooverride options defined in httpd.conf about my directory? |
| |
|
|
|
|
Raven
|
| Posted:
Wed Mar 02, 2005 4:56 am |
|
|
|
|
|
|
|
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
