Bug 68669 - squirrelmail does not work without register_globals in php.ini
Summary: squirrelmail does not work without register_globals in php.ini
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Red Hat Public Beta
Classification: Retired
Component: squirrelmail
Version: limbo
Hardware: i386
OS: Linux
medium
high
Target Milestone: ---
Assignee: Gary Benson
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 67217
TreeView+ depends on / blocked
 
Reported: 2002-07-12 11:19 UTC by Need Real Name
Modified: 2008-05-01 15:38 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2002-09-17 13:29:54 UTC
Embargoed:

Attachments (Terms of Use)

Description Need Real Name 2002-07-12 11:19:43 UTC 
Description of Problem:

Squirrelmail requires PHP to have "register_globals = On" to function correctly.
The php.ini shipped with the beta has the setting set to "Off" and there are no
.htacces files to changes the setting just for squirrelmail.

Version-Release number of selected component (if applicable):


How Reproducible:


Steps to Reproduce:
1. Go to the webmail directory in a browser
2. Try to log in
3. 

Actual Results:

Login fails

Expected Results:

Login should succeed (duh!)

Additional Information:
	
The squirrelmail web page suggests using .htaccess settings to work around the
problem, but the suggested fix does not work. So I just changed the global PHP
config, and now squirrelmail works fine.
Comment 1 Warren Togami 2002-07-12 12:03:56 UTC 
I haven't taken a look at Apache 2.0 yet, but don't you need to activate usage
of .htaccess files in the Apache configuration in order to do that? 
Alternatively use a directory statement on the SquirrelMail directory and I
believe can avoid using .htaccess files.

register_globals will always be set to Off by default in all versions of PHP
from this point on because this protects you from possibly bad coding that
causes security problems.
Comment 2 Warren Togami 2002-07-13 14:06:52 UTC 
I suggest marking NOTABUG because this is not Red Hat's fault.  This is a known
Squirrel Mail problem.  If you really want SquirrelMail to work without 
"register_globals = On" then I suggest reading about modifying the settings
within httpd.conf.
Comment 3 Chris Ricker 2002-09-16 18:59:25 UTC 
Reopening -- squirrelmail 1.2.8 does not need register_globals
Comment 4 Warren Togami 2002-09-16 23:44:38 UTC 
I'm not sure if this is required or not, but have you tested it with uploads
enabled in php.ini?
Comment 5 Gary Benson 2002-09-17 09:29:43 UTC 
This bug was fixed as of squirrelmail-1.2.7-3
Comment 6 Gary Benson 2002-09-17 09:30:31 UTC 
This bug was fixed as of squirrelmail-1.2.7-3
Comment 7 Chris Ricker 2002-09-17 13:25:11 UTC 
Then why is it still enabled in 1.2.7-4?

[kaboom@hanuman work]$ more /etc/httpd/conf.d/squirrelmail.conf 
#
# SquirrelMail is a webmail package written in PHP.
#

Alias /webmail /usr/share/squirrelmail

#
# SquirrelMail does not yet work with register_globals off (#68669)
#
<Directory /usr/share/squirrelmail>
    php_value register_globals 1
        Order deny,allow
        Allow from all
</Directory>
[kaboom@hanuman work]$
Comment 8 Chris Ricker 2002-09-17 13:29:48 UTC 
And if I change that to

php_value register_globals 0

it definitely does not work -- users can't even log in after that
Comment 9 Gary Benson 2002-09-17 13:50:00 UTC 
SquirrelMail rpms prior to 1.2.7-3 did not work without register_globals on in
/etc/php.ini.  SquirrelMail rpms 1.2.7-3 and newer have the workaround in
/etc/httpd/conf.d/squirrelmail.conf such that it works regardless of the setting
in /etc/php.ini, hence this bug is fixed.
Note You need to log in before you can comment on or make changes to this bug.