Description of Problem: Squirrelmail requires PHP to have "register_globals = On" to function correctly. The php.ini shipped with the beta has the setting set to "Off" and there are no .htacces files to changes the setting just for squirrelmail. Version-Release number of selected component (if applicable): How Reproducible: Steps to Reproduce: 1. Go to the webmail directory in a browser 2. Try to log in 3. Actual Results: Login fails Expected Results: Login should succeed (duh!) Additional Information: The squirrelmail web page suggests using .htaccess settings to work around the problem, but the suggested fix does not work. So I just changed the global PHP config, and now squirrelmail works fine.
I haven't taken a look at Apache 2.0 yet, but don't you need to activate usage of .htaccess files in the Apache configuration in order to do that? Alternatively use a directory statement on the SquirrelMail directory and I believe can avoid using .htaccess files. register_globals will always be set to Off by default in all versions of PHP from this point on because this protects you from possibly bad coding that causes security problems.
I suggest marking NOTABUG because this is not Red Hat's fault. This is a known Squirrel Mail problem. If you really want SquirrelMail to work without "register_globals = On" then I suggest reading about modifying the settings within httpd.conf.
Reopening -- squirrelmail 1.2.8 does not need register_globals
I'm not sure if this is required or not, but have you tested it with uploads enabled in php.ini?
This bug was fixed as of squirrelmail-1.2.7-3
Then why is it still enabled in 1.2.7-4? [kaboom@hanuman work]$ more /etc/httpd/conf.d/squirrelmail.conf # # SquirrelMail is a webmail package written in PHP. # Alias /webmail /usr/share/squirrelmail # # SquirrelMail does not yet work with register_globals off (#68669) # <Directory /usr/share/squirrelmail> php_value register_globals 1 Order deny,allow Allow from all </Directory> [kaboom@hanuman work]$
And if I change that to php_value register_globals 0 it definitely does not work -- users can't even log in after that
SquirrelMail rpms prior to 1.2.7-3 did not work without register_globals on in /etc/php.ini. SquirrelMail rpms 1.2.7-3 and newer have the workaround in /etc/httpd/conf.d/squirrelmail.conf such that it works regardless of the setting in /etc/php.ini, hence this bug is fixed.