[imp] Weird problem with certain attachments
Chris H.
fbsd at 1command.com
Tue Apr 18 15:59:47 PDT 2006
Greetings,
...
Quoting imp-archive at cloud9.net:
> I'm using Horde 3.0.10 and IMP 4.0.4 with Apache 2.2.0, PHP 5.1.2,
> and ZendPlatform 2.1.2 and I have started to observe the following
> issue:
>
> I send an e-mail with one 1MB Windows bitmap from Outlook 2003 and
> I'm able to view it fine using IMP.
>
> An e-mail with two or more bitmaps and I get a blank page. I get the
> following error when I turn on all PHP messages to the browser:
>
> Fatal error: Call to a member function loadString() on a non-object
> in /webmail/horde/imp/lib/MIME/Viewer/images.php on line 228
>
> My php.ini:
>
> session.use_cookies = 1
> file_uploads = on
> upload_max_filesize = 15360000
WARNING Will Robinson. DANGER! DANGER!
It is a well-known fact that using any code that requires registering
globals is a HUGE security risk. PHP became aware of this some years
ago and has it turned OFF by default. The documentation that comes
with your copy of PHP mentions this. As do most copies of the PHP.ini
file that are installed. You need to change this to:
register_globals = off
unless you are looking/hoping to have your web server and other services
exploited. I can tell you first hand that not a day goes by that several
cretins aren't looking for open holes or vulnerable services to exploit.
I am running 12 servers and attempts are made on the hour.
You have been warned.
> register_globals = on
> error_reporting = E_ALL & ~E_NOTICE
> upload_tmp_dir = /tmp
> safe_mode = off
> include_path = /lib/php
> memory_limit = 16M
> max_execution_time = 180
> post_max_size = 15360000
>
> [Zend]
> zend_extension=/Zend/lib/ZendExtensionManager.so
> zend_extension_manager.platform=/Zend/lib/Platform-2.1.2
> zend_extension_manager.optimizer=/Zend/lib/Optimizer-2.6.2
> zend_extension_manager.download_server=/Zend/lib/DownloadServer-1.0.6
> zend_extension_manager.mysql=/Zend/lib/MySQL
> zend_extension_manager.gd=/Zend/lib/GD
> zend_extension_manager.debug_server=/Zend/lib/Debugger-5.1.0
> ;zend_extension_manager.mod_cluster=/Zend/lib/SC-1.0.2
> zend_ini_file=/Zend/etc/zend.ini
> zend_platform.version=2.1.2
>
> Are there any other places I should look for the origin of this
> issue? I am also building a 3.1.x/4.1.x setup for testing but it is
> not ready to go into production yet.
>
> --
> Mark P. Hennessy
--
Linux:
An OS for those who think they're using UNIX.
-----------------------------------------------------------------
FreeBSD 5.4-RELEASE-p12 (SMP - 900x2) Tue Mar 7 19:37:23 PST 2006
/////////////////////////////////////////////////////////////////
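An added example, not part of the original message or of Horde/IMP: a small Python check that reads php.ini text (mail-quoted or not) and reports the line that leaves register_globals enabled, honouring the last assignment when the directive appears more than once. The function names and the sample text are assumptions made for this example; the sample is constructed from the directives quoted above.

```python
# php.ini spellings treated as "enabled" in this example.
TRUTHY = {"1", "on", "yes", "true"}

def parse_php_ini(text):
    """Return {directive: (value, line_number)}; a later assignment replaces an earlier one."""
    settings = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.lstrip("> \t").strip()          # tolerate "> " mail quoting
        # Skip blanks, ";" comments, [section] headers and lines with no assignment.
        if not line or line[0] in ";[" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        value = value.split(";", 1)[0].strip().strip("\"'")   # drop inline comment and quotes
        settings[key.strip().lower()] = (value, lineno)
    return settings

def register_globals_enabled(text):
    """Return the 1-based line that enables register_globals, or None if it is off or absent."""
    value, lineno = parse_php_ini(text).get("register_globals", ("off", None))
    return lineno if value.lower() in TRUTHY else None

# Constructed sample, taken from the settings quoted in this thread.
SAMPLE = """\
> session.use_cookies = 1
> file_uploads = on
> register_globals = on
> safe_mode = off
> ;zend_extension_manager.mod_cluster=/Zend/lib/SC-1.0.2
> [Zend]
> zend_platform.version=2.1.2
"""

if __name__ == "__main__":
    hit = register_globals_enabled(SAMPLE)
    if hit is None:
        print("register_globals is off")
    else:
        print(f"register_globals is enabled on line {hit}; set register_globals = off")
```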