[development] Remove PHP filter by default

Karoly Negyesi karoly at negyesi.net
Sun Jan 29 21:39:52 UTC 2006


On Sun, 29 Jan 2006 22:33:37 +0100, Morbus Iff <morbus at disobey.com> wrote:

>> We have investigated the ways to become SU. in drupal 4.7 there are at  
>> least 7 totally different ways of rooting (for becoming SU is that,  
>> exactly) a drupal site. Nearly all are related to gaining PHP rights,  
>> then using that to change
>
> I'm confused - how can a PHP input filter cause a user to become root,  
> when PHP execs itself in the user space of the Apache process?

Berkes means "Drupal root" obviously.


More information about the development mailing list