On 10/01/2011, at 5:41 PM, Daniel Veillard wrote: > [ Cc'ing back the list ] > On Sun, Jan 09, 2011 at 03:11:29AM +1100, Justin Clift wrote: >> Hi Daniel, >> >> Noticing these php warning's showing up in the apache libvirt.org error log: >> >> [Sat Jan 08 17:09:24 2011] [error] [client 64.217.19.104] PHP Notice: Undefined variable: HTTP_GET_VARS in /data/www/libvirt.org/search.php on line 21, referer: http://libvirt.org/formatdomain.html >> [Sat Jan 08 17:09:24 2011] [error] [client 64.217.19.104] PHP Notice: Undefined variable: HTTP_GET_VARS in /data/www/libvirt.org/search.php on line 22, referer: http://libvirt.org/formatdomain.html >> [Sat Jan 08 17:09:24 2011] [error] [client 64.217.19.104] PHP Notice: Undefined variable: PHP_SELF in /data/www/libvirt.org/search.php on line 37, referer: http://libvirt.org/formatdomain.html >> >> Any idea if they're something we need to care about? > > Yup, the search php was designed in php4 time frame and those global > variables are not turned off by default for security reasons > http://fr.php.net/manual/en/security.registerglobals.php > > The following patch should fix those, Looks pretty simple, but not sure how to test it without having putting it on a PHP server with the right bits. Guess we ACK it, and see if it works? -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list