Red Hat Bugzilla – Bug 68669
squirrelmail does not work without register_globals in php.ini
Last modified: 2008-05-01 11:38:02 EDT
Description of Problem:
Squirrelmail requires PHP to have "register_globals = On" to function correctly.
The php.ini shipped with the beta has the setting set to "Off" and there are no
.htacces files to changes the setting just for squirrelmail.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Go to the webmail directory in a browser
2. Try to log in
Login should succeed (duh!)
The squirrelmail web page suggests using .htaccess settings to work around the
problem, but the suggested fix does not work. So I just changed the global PHP
config, and now squirrelmail works fine.
I haven't taken a look at Apache 2.0 yet, but don't you need to activate usage
of .htaccess files in the Apache configuration in order to do that?
Alternatively use a directory statement on the SquirrelMail directory and I
believe can avoid using .htaccess files.
register_globals will always be set to Off by default in all versions of PHP
from this point on because this protects you from possibly bad coding that
causes security problems.
I suggest marking NOTABUG because this is not Red Hat's fault. This is a known
Squirrel Mail problem. If you really want SquirrelMail to work without
"register_globals = On" then I suggest reading about modifying the settings
Reopening -- squirrelmail 1.2.8 does not need register_globals
I'm not sure if this is required or not, but have you tested it with uploads
enabled in php.ini?
This bug was fixed as of squirrelmail-1.2.7-3
Then why is it still enabled in 1.2.7-4?
[kaboom@hanuman work]$ more /etc/httpd/conf.d/squirrelmail.conf
# SquirrelMail is a webmail package written in PHP.
Alias /webmail /usr/share/squirrelmail
# SquirrelMail does not yet work with register_globals off (#68669)
php_value register_globals 1
Allow from all
And if I change that to
php_value register_globals 0
it definitely does not work -- users can't even log in after that
SquirrelMail rpms prior to 1.2.7-3 did not work without register_globals on in
/etc/php.ini. SquirrelMail rpms 1.2.7-3 and newer have the workaround in
/etc/httpd/conf.d/squirrelmail.conf such that it works regardless of the setting
in /etc/php.ini, hence this bug is fixed.