| View previous topic :: View next topic |
| Author |
Message |
uniboee
Joined: 02 Aug 2005
Posts: 2
|
| Posted: Tue Aug 02, 2005 7:19 pm Post subject: one globals issue |
|
|
Code: if (isset($_REQUEST['domain']))
$domain = $_REQUEST['domain'];
else $domain = '';
Just add code below after above in main.php
Code: if (isset($_REQUEST['username']))
$username = $_REQUEST['username'];
else $username = '';
Otherwise functions belonging to "server domains" CAN'T work, because &username= in the URL is always EMPTY. |
|
| Back to top |
|
below_zero
Joined: 08 Apr 2005
Posts: 130
Location: Italy
|
| Posted: Tue Aug 02, 2005 9:24 pm Post subject: Re: One bug in phpxmail |
|
|
I'm sorry, I haven't undestood where is the bug... Can you tell me exactly what was wrong and in which condition?
the code:
Code: $username = $_REQUEST['username'];
is inserted in files *.inc (under the /users directory) only when it's necessary...
May be that this is not the best and efficent solution but it's what I've found when I started to add features to this apllication, and from the security point of view it was just debuged on the field...
Adding the 3 lines as you suggest you will obtain to reduce security and also to introduce another bug when you login as a regular user and open the "Change Setting" menu: the username before @mydomain.tld will disappears.
There is a matter in $username when it's NOT initialized and when its value is EMPTY (an user is anonymous until login is performed: that means that the login process need that $username is NOT initialized).
So we should better investigate the bug that you had found: probably you had found only a part of the fixing... we need to work more over it: any other suggestion or indication from you are welcome! |
|
| Back to top |
|
uniboee
Joined: 02 Aug 2005
Posts: 2
|
| Posted: Mon Aug 29, 2005 8:12 pm Post subject: |
|
|
I attached the snapshot of the problem.
First, login as server admin
Then, click "server domains" on the left panel
Next, choose one domain, here is "localhost", and choose the user "root".
Now, problem occurs. You can see from the attached snaphot, the url (http://localhost/phpxmail/main.php?action=aliaslist&domain=localhost&username=) of the menu bar aliases || ext POP3 etc. , misses the wanted username. So, I can't creat aliases for root, it always report "Error adding alias: -00108 Bad CTRL command syntax". |
|
| Back to top |
|
Vlad Alexa Mancini
Joined: 07 Jul 2003
Posts: 303
|
| Posted: Mon Aug 29, 2005 9:36 pm Post subject: |
|
|
uniboee this is not a bug per se , just torn register_globals to on in php.ini and you will not experience this
however it is good programming practice to make a code globals friendly , this seems to be a issue induced by the new menu management code you added , please look into it |
|
| Back to top |
|
below_zero
Joined: 08 Apr 2005
Posts: 130
Location: Italy
|
| Posted: Tue Aug 30, 2005 12:19 am Post subject: |
|
|
Hello Uniboee, I apologize for not have understood immediately what you was saying.
Unfortunately, in my trial web server the PHP setting 'register_globals' was 'ON'.
Anyway the use of register_globals is deprecated because it often leads to security bugs: so I will change the PHPXmail code and fix the disappearing of the username when an user enter as regular user and change his mailbox settings.
Please keep you tuned on the CVS on SourceForge in the next days: I will appreciate your feedback. |
|
| Back to top |
|
| |
