Bug 68669 - squirrelmail does not work without register_globals in php.ini
squirrelmail does not work without register_globals in php.ini
Status: CLOSED RAWHIDE
Product: Red Hat Public Beta
Classification: Retired
Component: squirrelmail (Show other bugs)
limbo
i386 Linux
medium Severity high
: ---
: ---
Assigned To: Gary Benson
:
Depends On:
Blocks: 67217
  Show dependency treegraph
 
Reported: 2002-07-12 07:19 EDT by Need Real Name
Modified: 2008-05-01 11:38 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2002-09-17 09:29:54 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Need Real Name 2002-07-12 07:19:43 EDT
Description of Problem:

Squirrelmail requires PHP to have "register_globals = On" to function correctly.
The php.ini shipped with the beta has the setting set to "Off" and there are no
.htacces files to changes the setting just for squirrelmail.

Version-Release number of selected component (if applicable):


How Reproducible:


Steps to Reproduce:
1. Go to the webmail directory in a browser
2. Try to log in
3. 

Actual Results:

Login fails

Expected Results:

Login should succeed (duh!)

Additional Information:
	
The squirrelmail web page suggests using .htaccess settings to work around the
problem, but the suggested fix does not work. So I just changed the global PHP
config, and now squirrelmail works fine.
Comment 1 Warren Togami 2002-07-12 08:03:56 EDT
I haven't taken a look at Apache 2.0 yet, but don't you need to activate usage
of .htaccess files in the Apache configuration in order to do that? 
Alternatively use a directory statement on the SquirrelMail directory and I
believe can avoid using .htaccess files.

register_globals will always be set to Off by default in all versions of PHP
from this point on because this protects you from possibly bad coding that
causes security problems.
Comment 2 Warren Togami 2002-07-13 10:06:52 EDT
I suggest marking NOTABUG because this is not Red Hat's fault.  This is a known
Squirrel Mail problem.  If you really want SquirrelMail to work without 
"register_globals = On" then I suggest reading about modifying the settings
within httpd.conf.
Comment 3 Chris Ricker 2002-09-16 14:59:25 EDT
Reopening -- squirrelmail 1.2.8 does not need register_globals
Comment 4 Warren Togami 2002-09-16 19:44:38 EDT
I'm not sure if this is required or not, but have you tested it with uploads
enabled in php.ini?
Comment 5 Gary Benson 2002-09-17 05:29:43 EDT
This bug was fixed as of squirrelmail-1.2.7-3
Comment 6 Gary Benson 2002-09-17 05:30:31 EDT
This bug was fixed as of squirrelmail-1.2.7-3
Comment 7 Chris Ricker 2002-09-17 09:25:11 EDT
Then why is it still enabled in 1.2.7-4?

[kaboom@hanuman work]$ more /etc/httpd/conf.d/squirrelmail.conf 
#
# SquirrelMail is a webmail package written in PHP.
#

Alias /webmail /usr/share/squirrelmail

#
# SquirrelMail does not yet work with register_globals off (#68669)
#
<Directory /usr/share/squirrelmail>
    php_value register_globals 1
        Order deny,allow
        Allow from all
</Directory>
[kaboom@hanuman work]$ 
Comment 8 Chris Ricker 2002-09-17 09:29:48 EDT
And if I change that to

php_value register_globals 0

it definitely does not work -- users can't even log in after that
Comment 9 Gary Benson 2002-09-17 09:50:00 EDT
SquirrelMail rpms prior to 1.2.7-3 did not work without register_globals on in
/etc/php.ini.  SquirrelMail rpms 1.2.7-3 and newer have the workaround in
/etc/httpd/conf.d/squirrelmail.conf such that it works regardless of the setting
in /etc/php.ini, hence this bug is fixed.

Note You need to log in before you can comment on or make changes to this bug.