[Phpmyadmin-devel] disabled functions for security

Garvin Hicking squirrel at supergarv.de
Sun Mar 9 03:30:09 CET 2003

Hi Marc!

> I know it's not what you meant, that's why I said "another suggestion".

Ah, now I get it. I'm sorry for my misinterpretation. :)

> The current is_upload philosophy avoids displaying the file selector
> if we cannot detect that uploads are allowed. So if we reverse the
> logic, we will avoid displaying the file selector if we detect that
> uploads are not allowed, and sometimes (where PHP is < 43000 and
> ini_get() is not available), we will display a file selector that
> won't work. I think that this is acceptable.

I agree with your notion against a new configuration directive. Just a question:
Haven't there been issues with enabled is_upload, where the form got screwed up
because of the form/form-data enctype attribute? Were there only certain
php-installations affected? I don't remember...


More information about the Developers mailing list