[pmwiki-users] PHP 5.3 auth issues [was: Reinstall]

Rogutės Sparnuotos rogutes at googlemail.com
Mon Oct 5 07:34:17 CDT 2009


Paul Badger (2009-10-04 22:46):
> These lines below seem to have fixed the upload problem with php 5.3.0.
> 
> # temprorary workaround for PHP 5.3 login issues
> # pmwiki.org/wiki/PITS/01141
> $_REQUEST[session_name()]=1;
> 
> I did have to set permissions on the upload folders at 777 though.
> 
> Any opinions on whether this represents a security issue?

The workaround line shouldn't have any security implications. At least
not more than running PHP 5.3.0 before the bugs are explained and fixed
(remember that using workarounds is far from fixing).

Making uploads/ world-writable is what most people do with PmWiki (and
other webapps that need to write files). Security of this depends
on your server's configuration.

> Also authuser functionality now seems to be broken now. ie defined 
> passwords no longer work.
> Would this have been expected?

No, it works here. Could you test whether AuthUser works with a fresh
install, without any recipes (you can simply unpack PmWiki into
a separate directory, make wiki.d/ world-writable, enable authuser in
config.php and copy your password from SiteAdmin.AuthUser)?

-- 
--  Rogutės Sparnuotos



More information about the pmwiki-users mailing list