Hi All,
We've just installed Drupal 6.7 for our new site with php 4.4 and MySQL 5 and sessions don't work.
We were on postgres 7.4 and sessions worked, switching to MySQL (can't go back) and sessions broke.
What info can we provide?
mysql -v mysql Ver 14.12 Distrib 5.0.70, for pc-linux-gnu (i686) using readline 5.2
php -v PHP 4.4.8-pl0-gentoo with Suhosin-Patch 0.9.6 (cli) (built: Aug 9 2008 09:12:56) Copyright (c) 1997-2008 The PHP Group Zend Engine v1.3.0, Copyright (c) 1998-2004 Zend Technologies with Zend Optimizer v3.3.0, Copyright (c) 1998-2007, by Zend Technologies with Suhosin v0.9.18, Copyright (c) 2002-2006, by Hardened-PHP Project
Thanks.
Hi All,
We've just installed Drupal 6.7 for our new site with php 4.4 and MySQL 5 and sessions don't work.
We were on postgres 7.4 and sessions worked, switching to MySQL (can't go back) and sessions broke.
What info can we provide?
mysql -v mysql Ver 14.12 Distrib 5.0.70, for pc-linux-gnu (i686) using readline 5.2
php -v PHP 4.4.8-pl0-gentoo with Suhosin-Patch 0.9.6 (cli) (built: Aug 9 2008 09:12:56) Copyright (c) 1997-2008 The PHP Group Zend Engine v1.3.0, Copyright (c) 1998-2004 Zend Technologies with Zend Optimizer v3.3.0, Copyright (c) 1998-2007, by Zend Technologies with Suhosin v0.9.18, Copyright (c) 2002-2006, by Hardened-PHP Project
Thanks.
Hello all,
I've just installed the last 5.13 Drupal core version on my test platform and I get a similar message at each connexion for each user I can login for.
It is probably similar as the Gavin Henry described in his email
The message is "warning: Wrong parameter count for session_set_cookie_params() in /..../drupal/includes/session.inc on line 102."
That seems to be the only bad thing I get.
I currently wonder if it is careful to deploy it on my production site without understanding this issue. I used the UPGRADE.txt document to upgrade my site.
I would be interested to know if other people got the same problem.
Thanks for your help,
Geneviève Romier www.projet-plume.org
Gavin Henry wrote:
Hi All,
We've just installed Drupal 6.7 for our new site with php 4.4 and MySQL 5 and sessions don't work.
We were on postgres 7.4 and sessions worked, switching to MySQL (can't go back) and sessions broke.
What info can we provide?
mysql -v mysql Ver 14.12 Distrib 5.0.70, for pc-linux-gnu (i686) using readline 5.2
php -v PHP 4.4.8-pl0-gentoo with Suhosin-Patch 0.9.6 (cli) (built: Aug 9 2008 09:12:56) Copyright (c) 1997-2008 The PHP Group Zend Engine v1.3.0, Copyright (c) 1998-2004 Zend Technologies with Zend Optimizer v3.3.0, Copyright (c) 1998-2007, by Zend Technologies with Suhosin v0.9.18, Copyright (c) 2002-2006, by Hardened-PHP Project
Thanks.
It seems the latest drupal 6.7/5.13 releases (probably unintentionally) introduced a dependency on php5, by calling a function with an extra parameter that did not exist in earlier versions of php.
Marijn
On Thursday 11 December 2008 12:40:06 Genevieve Romier wrote:
Hello all,
I've just installed the last 5.13 Drupal core version on my test platform and I get a similar message at each connexion for each user I can login for.
It is probably similar as the Gavin Henry described in his email
The message is "warning: Wrong parameter count for session_set_cookie_params() in /..../drupal/includes/session.inc on line 102."
That seems to be the only bad thing I get.
I currently wonder if it is careful to deploy it on my production site without understanding this issue. I used the UPGRADE.txt document to upgrade my site.
I would be interested to know if other people got the same problem.
Thanks for your help,
Geneviève Romier www.projet-plume.org
Gavin Henry wrote:
Hi All,
We've just installed Drupal 6.7 for our new site with php 4.4 and MySQL 5 and sessions don't work.
We were on postgres 7.4 and sessions worked, switching to MySQL (can't go back) and sessions broke.
What info can we provide?
mysql -v mysql Ver 14.12 Distrib 5.0.70, for pc-linux-gnu (i686) using readline 5.2
php -v PHP 4.4.8-pl0-gentoo with Suhosin-Patch 0.9.6 (cli) (built: Aug 9 2008 09:12:56) Copyright (c) 1997-2008 The PHP Group Zend Engine v1.3.0, Copyright (c) 1998-2004 Zend Technologies with Zend Optimizer v3.3.0, Copyright (c) 1998-2007, by Zend Technologies with Suhosin v0.9.18, Copyright (c) 2002-2006, by Hardened-PHP Project
Thanks.
Hi,
Thanks a lot! I use php 5.1.2. It is not the last version. That could be the reason.
Geneviève Romier
Marijn Kruisselbrink wrote:
It seems the latest drupal 6.7/5.13 releases (probably unintentionally) introduced a dependency on php5, by calling a function with an extra parameter that did not exist in earlier versions of php.
Marijn
On Thursday 11 December 2008 12:40:06 Genevieve Romier wrote:
Hello all,
I've just installed the last 5.13 Drupal core version on my test platform and I get a similar message at each connexion for each user I can login for.
It is probably similar as the Gavin Henry described in his email
The message is "warning: Wrong parameter count for session_set_cookie_params() in /..../drupal/includes/session.inc on line 102."
That seems to be the only bad thing I get.
I currently wonder if it is careful to deploy it on my production site without understanding this issue. I used the UPGRADE.txt document to upgrade my site.
I would be interested to know if other people got the same problem.
Thanks for your help,
Geneviève Romier www.projet-plume.org
Gavin Henry wrote:
Hi All,
We've just installed Drupal 6.7 for our new site with php 4.4 and MySQL 5 and sessions don't work.
We were on postgres 7.4 and sessions worked, switching to MySQL (can't go back) and sessions broke.
What info can we provide?
mysql -v mysql Ver 14.12 Distrib 5.0.70, for pc-linux-gnu (i686) using readline 5.2
php -v PHP 4.4.8-pl0-gentoo with Suhosin-Patch 0.9.6 (cli) (built: Aug 9 2008 09:12:56) Copyright (c) 1997-2008 The PHP Group Zend Engine v1.3.0, Copyright (c) 1998-2004 Zend Technologies with Zend Optimizer v3.3.0, Copyright (c) 1998-2007, by Zend Technologies with Suhosin v0.9.18, Copyright (c) 2002-2006, by Hardened-PHP Project
Thanks.
I get the warning to warning: Wrong parameter count for session_set_cookie_params() in /home/mauricemengel-de/htdocs/includes/session.inc on line 103.
I have that, too with in Drupal 6.7 Apache/1.3.39 (Unix) mod_gzip/1.3.19.1a PHP/4.4.8.
PHP says that this features was added in version 5.2.0 (see http://de.php.net/session_set_cookie_params)
includes/session.inc does use it and the Drupal 6.7 release notes says that's a feature and not a bug, see http://drupal.org/node/345462
I guess I will change the line in session.inc until my provider upgrades php...
best Maurice
On Thu, Dec 11, 2008 at 1:04 PM, Genevieve Romier genevieve.romier@urec.cnrs.fr wrote:
Hi,
Thanks a lot! I use php 5.1.2. It is not the last version. That could be the reason.
Geneviève Romier
Marijn Kruisselbrink wrote:
It seems the latest drupal 6.7/5.13 releases (probably unintentionally) introduced a dependency on php5, by calling a function with an extra parameter that did not exist in earlier versions of php.
Marijn
On Thursday 11 December 2008 12:40:06 Genevieve Romier wrote:
Hello all,
I've just installed the last 5.13 Drupal core version on my test platform and I get a similar message at each connexion for each user I can login for.
It is probably similar as the Gavin Henry described in his email
The message is "warning: Wrong parameter count for session_set_cookie_params() in /..../drupal/includes/session.inc on line 102."
That seems to be the only bad thing I get.
I currently wonder if it is careful to deploy it on my production site without understanding this issue. I used the UPGRADE.txt document to upgrade my site.
I would be interested to know if other people got the same problem.
Thanks for your help,
Geneviève Romier www.projet-plume.org
Gavin Henry wrote:
Hi All,
We've just installed Drupal 6.7 for our new site with php 4.4 and MySQL 5 and sessions don't work.
We were on postgres 7.4 and sessions worked, switching to MySQL (can't go back) and sessions broke.
What info can we provide?
mysql -v mysql Ver 14.12 Distrib 5.0.70, for pc-linux-gnu (i686) using readline 5.2
php -v PHP 4.4.8-pl0-gentoo with Suhosin-Patch 0.9.6 (cli) (built: Aug 9 2008 09:12:56) Copyright (c) 1997-2008 The PHP Group Zend Engine v1.3.0, Copyright (c) 1998-2004 Zend Technologies with Zend Optimizer v3.3.0, Copyright (c) 1998-2007, by Zend Technologies with Suhosin v0.9.18, Copyright (c) 2002-2006, by Hardened-PHP Project
Thanks.
-- [ Drupal support list | http://lists.drupal.org/ ]
I believe that Drupal is going to come out with 5.14 today and fix this problem so that you won't have to hack core to use the most secure version of Drupal.
I always wait 48 hours before installing a new version of core.
Shai
On 12/11/08, Maurice Mengel mauricemengel@gmail.com wrote:
I get the warning to warning: Wrong parameter count for session_set_cookie_params() in /home/mauricemengel-de/htdocs/includes/session.inc on line 103.
I have that, too with in Drupal 6.7 Apache/1.3.39 (Unix) mod_gzip/1.3.19.1a PHP/4.4.8.
PHP says that this features was added in version 5.2.0 (see http://de.php.net/session_set_cookie_params)
includes/session.inc does use it and the Drupal 6.7 release notes says that's a feature and not a bug, see http://drupal.org/node/345462
I guess I will change the line in session.inc until my provider upgrades php...
best Maurice
On Thu, Dec 11, 2008 at 1:04 PM, Genevieve Romier genevieve.romier@urec.cnrs.fr wrote:
Hi,
Thanks a lot! I use php 5.1.2. It is not the last version. That could be the reason.
Geneviève Romier
Marijn Kruisselbrink wrote:
It seems the latest drupal 6.7/5.13 releases (probably unintentionally) introduced a dependency on php5, by calling a function with an extra parameter that did not exist in earlier versions of php.
Marijn
On Thursday 11 December 2008 12:40:06 Genevieve Romier wrote:
Hello all,
I've just installed the last 5.13 Drupal core version on my test platform and I get a similar message at each connexion for each user I can login for.
It is probably similar as the Gavin Henry described in his email
The message is "warning: Wrong parameter count for session_set_cookie_params() in /..../drupal/includes/session.inc on line 102."
That seems to be the only bad thing I get.
I currently wonder if it is careful to deploy it on my production site without understanding this issue. I used the UPGRADE.txt document to upgrade my site.
I would be interested to know if other people got the same problem.
Thanks for your help,
Geneviève Romier www.projet-plume.org
Gavin Henry wrote:
Hi All,
We've just installed Drupal 6.7 for our new site with php 4.4 and MySQL 5 and sessions don't work.
We were on postgres 7.4 and sessions worked, switching to MySQL (can't go back) and sessions broke.
What info can we provide?
mysql -v mysql Ver 14.12 Distrib 5.0.70, for pc-linux-gnu (i686) using readline 5.2
php -v PHP 4.4.8-pl0-gentoo with Suhosin-Patch 0.9.6 (cli) (built: Aug 9 2008 09:12:56) Copyright (c) 1997-2008 The PHP Group Zend Engine v1.3.0, Copyright (c) 1998-2004 Zend Technologies with Zend Optimizer v3.3.0, Copyright (c) 1998-2007, by Zend Technologies with Suhosin v0.9.18, Copyright (c) 2002-2006, by Hardened-PHP Project
Thanks.
-- [ Drupal support list | http://lists.drupal.org/ ]
-- [ Drupal support list | http://lists.drupal.org/ ]
On Thu, 11 Dec 2008 09:05:15 -0500 "Shai Gluskin" shai@content2zero.com wrote:
I always wait 48 hours before installing a new version of core.
I just read people are still using Drupal 5.X where X<10 and I was wondering why being drupal so popular they don't get pwned by bots.
I'll have to look at previous sec advisories and build up some signatures to see if anyone is actually targeting Drupal with bots.
I generally upgrade ASAP.
I find a bit annoying (but maybe someone can suggest how to overcome this) that the packaging system modify a lot of files just to add version info, so that it is a bit annoying to examine the diff.
On Thu, Dec 11, 2008 at 6:46 AM, Ivan Sergio Borgonovo mail@webthatworks.it wrote:
I find a bit annoying (but maybe someone can suggest how to overcome this) that the packaging system modify a lot of files just to add version info, so that it is a bit annoying to examine the diff.
I believe the packaging system only modifies the .info files and adds a LICENSE.txt. Though perhaps you are referring not to the packaging system but to the CVS $Id$ value. Something like:
diff -r drupal-6.6/ drupal-6.7 | grep -v Id:
Of course, if you want to see just the security changes you can look at just the commit that changed files for security reasons. Those are always small changesets right before the release http://drupal.org/cvs?commit=158200
Regards, Greg