Posted on: 02/17/03 10:52am
By: Anonymous (Anonymous)
I just installed geeklog 1.3.7sr1 and it seems to be working except that I can not edit stories, event, users, anything. As Admin I edit a story from story.php. After I click on the story number the page doesn't change but the url now has mode=edit and the sid set. I looked at the code and it apears that those vars are never getting set with $HTTP_GET_VARS. This also seems to be the case just about everywhere. Am I missing something?
andy
Unable to edit anything.
Posted on: 02/17/03 11:14am
By: Dirk
Make sure you have register_globals=on in you php.ini file.
The install script should have warned you about this, though ...
bye, Dirk
Unable to edit anything.
Posted on: 02/17/03 12:21pm
By: Anonymous (Anonymous)
Any reason to require register_globals? It's a huge source of security holes in php apps, and completely unnecessary. The code seems to pull POST vars from the correct place, but depends on register_globals for GET vars. Why the discrepancy there?
I'd be more than happy to make the changes necessary to get this to work without register_globals, if you'd like. But I don't want to edit my copy and have to do it all over again every time I upgrade...
Unable to edit anything.
Posted on: 02/17/03 05:18pm
By: Dirk
Please do a search on this topic as this has been discussed to death already ...
In short: Geeklog 1.3 will require register_globals=on. Period. Work on Geeklog 2 has already started which will be designed from the ground up not to rely on register_globals being on.
Also, the security issues imposed be register_globals=on are greatly exaggerated, IMO. It is possible to write secure software with this setting. Just because there are a lot of insecure scripts out there doesn't mean that every PHP script is insecure ...
bye, Dirk