From erick at nixbrain.com Sun Nov 16 20:56:06 2003 From: erick at nixbrain.com (Erick Stohr) Date: Mon Jan 17 14:29:07 2005 Subject: [TCLUG-DEVEL] form button $_REQUEST under IE w/ PHP Message-ID: <3FB838C6.5080105@nixbrain.com> Is there an issue with $_REQUEST 'ing a form button under IE that I am not aware of? i am doing: if (isset($_REQUEST['submitText')) { } have tried $_POST too. works fine under Mozilla, but I am testing under IE and can't seem to get into my if statement. and if requesting a form button is bad style let me know too, i am preferring it to a hidden. thanks, Erick -- Erick Stohr Burnsville, MN erick@enrwebdev.com erick@nixbrain.com _______________________________________________ tclug-devel mailing list tclug-devel@mn-linux.org https://mailman.real-time.com/mailman/listinfo/tclug-devel From david at acz.org Mon Nov 17 01:13:41 2003 From: david at acz.org (David Phillips) Date: Mon Jan 17 14:29:07 2005 Subject: [TCLUG-DEVEL] form button $_REQUEST under IE w/ PHP References: <3FB838C6.5080105@nixbrain.com> Message-ID: <0e5901c3acda$54403d50$0201a8c0@brinstar> Erick Stohr writes: > > > i am doing: > > if (isset($_REQUEST['submitText')) { You need to use submitText_x and submitText_y. This is documented in the manual in the "IMAGE SUBMIT variable names" section: http://www.php.net/manual/en/language.variables.external.php -- David Phillips http://david.acz.org/ _______________________________________________ tclug-devel mailing list tclug-devel@mn-linux.org https://mailman.real-time.com/mailman/listinfo/tclug-devel From erick at nixbrain.com Sun Nov 23 17:50:39 2003 From: erick at nixbrain.com (Erick Stohr) Date: Mon Jan 17 14:29:08 2005 Subject: [TCLUG-DEVEL] php security? Message-ID: <3FC147CF.4020608@nixbrain.com> Hello, I am not sure what is going on , but every month or so one of my php scripts on a site i am working on gets "cracked" or something, the one page/script turns into all of my other php scripts on the site and a bunch of jibberish between each page included. I am not sure if it happens locally, or on the development server which is the only thing on the net live, I am assuming locally becuase I never download from the development server. I am running php-4.3.2 locally. Also, a question that should probably be for the main list, I am behind a Linksys wireless router and do not have a firewall up on my Linux machine but recently recompiled the kernel for iptables, I should probably put one up on my Linux box right? I used to use IPCHAINS and have been lazy and not taken the time to learn iptables, I know where the HOWTO is, but I guess my question is how easy is it to crack the router and get into my internal? I have run chkrootkit and all seems fine. Thanks. Erick -- Erick Stohr Burnsville, MN 612-554-8287 erick@enrwebdev.com erick@nixbrain.com _______________________________________________ tclug-devel mailing list tclug-devel@mn-linux.org https://mailman.real-time.com/mailman/listinfo/tclug-devel From josh at trutwins.homeip.net Sun Nov 23 18:34:07 2003 From: josh at trutwins.homeip.net (Josh Trutwin) Date: Mon Jan 17 14:29:08 2005 Subject: [TCLUG-DEVEL] php security? In-Reply-To: <3FC147CF.4020608@nixbrain.com> References: <3FC147CF.4020608@nixbrain.com> Message-ID: <20031123183407.00002804.josh@trutwins.homeip.net> Without looking at your code it's hard to tell, couple things to worry about with PhP and security: 1.) Is register_globals on? If so, might be good to turn it off (though it'll probably break your scripts) 2.) Make sure you validate EVERYTHING that comes in from the web, even stuff from