[development] Remove PHP filter by default

Morbus Iff morbus at disobey.com
Sun Jan 29 21:33:37 UTC 2006

> We have investigated the ways to become SU. in drupal 4.7 there are at least 7 
> totally different ways of rooting (for becoming SU is that, exactly) a drupal 
> site. Nearly all are related to gaining PHP rights, then using that to change 

I'm confused - how can a PHP input filter cause a user to become root, 
when PHP execs itself in the user space of the Apache process?

Morbus Iff ( god less america )
Technical: http://www.oreillynet.com/pub/au/779
Culture: http://www.disobey.com/ and http://www.gamegrene.com/
icq: 2927491 / aim: akaMorbus / yahoo: morbus_iff / jabber.org: morbus

More information about the development mailing list