phplist

NOTE:: Before reporting an issue, make sure you are running the latest version, currently 3.3.1


View Issue Details Jump to Notes ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0016882phplist applicationCommand Linepublic20-09-13 16:1626-09-13 15:09
Reporteroverload 
PrioritynormalSeveritycrashReproducibilityalways
StatusresolvedResolutionfixed 
PlatformCentOSOSlinuxOS Version5.3
Product Version3.0.2 
Target Version3.0.XFixed in Version3.0.4 
Summary0016882: cli break
Descriptionfile:
public_html/lists/admin/index.php

function parseCline()
line:595
$GLOBALS["argv"] must be replaced with $_SERVER["argv"]
TagsNo tags attached.
Attached Files

- Relationships

-  Notes
(0052271)
michiel (manager)
20-09-13 18:04

not necessarily. http://php.net/manual/en/reserved.variables.argv.php [^]
(0052272)
overload (reporter)
20-09-13 18:52

in my configuration $GLOBALS["argv"] is empty... I don't know where it is overwritten
(0052273)
michiel (manager)
20-09-13 19:54

can you give more arguments for this change? For example argv is being removed from PHP from version X onwards?

I guess it could include some detection of register_argc_argv and give an error or warning when it is not enabled.

http://www.php.net/manual/en/ini.core.php#ini.register-argc-argv [^]
(0052274)
duncanc (developer)
20-09-13 22:59
edited on: 20-09-13 23:52

I have seen this problem a few times when trying to get cron jobs working.
In those cases php cli was running with register_globals on instead of the cli default of off.

The workaround that I use is to add an option to the command,
 -d register_globals=0

It is not clear to me, from the php documentation, why register_globals should affect argc and argv.

(0052275)
michiel (manager)
21-09-13 04:20

Ah, that might be the "unregister_globals" kicking in. For security, if register globals is on, they are all unregistered. But of a workaround for a major PHP insecurity, which I think is no longer valid, or at least is on the list to be obsoleted.

make sure register_globals is off
register-argc-argv is on

overload, can you verify this is the case, and the cause of this issue?
(0052277)
overload (reporter)
21-09-13 15:16

Sorry, I'm new to mantis...

Yes: the case is "register_globals is on" and the function unregister_GLOBALS() set $GLOBALS["argv"] to null

on line 21 (admin/index.php) $_SERVER['argv'] is used, so could be used also in the function parseCline() to avoid problems even if register_globals is on.

In cli use, it is not necessary to unregister_GLOBALS(), because there are no security problems (imho)
(0052281)
michiel (manager)
22-09-13 04:03

yes, I agree on CLI the unregister globals can be avoided. But at the same time, it is now (and has been for quite a few years) generally considered a bad thing to have register globals on, and it's advisable to switch it off.



Copyright © 2000 - 2017 MantisBT Team
Powered by Mantis Bugtracker