Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:57887
Return-Path: <jdavidlists@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 95232 invoked from network); 16 Feb 2012 07:41:50 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 16 Feb 2012 07:41:50 -0000
Authentication-Results: pb1.pair.com header.from=jdavidlists@gmail.com; sender-id=pass
Authentication-Results: pb1.pair.com smtp.mail=jdavidlists@gmail.com; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.216.42 as permitted sender)
X-PHP-List-Original-Sender: jdavidlists@gmail.com
X-Host-Fingerprint: 209.85.216.42 mail-qw0-f42.google.com  
Received: from [209.85.216.42] ([209.85.216.42:35077] helo=mail-qw0-f42.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 83/23-48160-E33BC3F4 for <internals@lists.php.net>; Thu, 16 Feb 2012 02:41:50 -0500
Received: by qady23 with SMTP id y23so4710928qad.8
        for <internals@lists.php.net>; Wed, 15 Feb 2012 23:41:47 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=mime-version:sender:in-reply-to:references:date
         :x-google-sender-auth:message-id:subject:from:to:cc:content-type
         :content-transfer-encoding;
        bh=g6OejdB+J9tgEvGb15kI7HsDitKcTkuCHV7kodtYCTo=;
        b=baJd0B2PH9kSBGvpcPp5fJipGdJp8Jm3u7eCNdgERsi/2t42eytpxwKhljbyBIaq/k
         YbJF+Ic3H4y6n59GFYfGbE19mhzuKUNYkZ5nwQSooy4nmHpIBYz1r8yLdXs3ZWhsHUTY
         05EW4L3EEpxblRo96jS3C8Kb0lNIR3ca+N/NY=
MIME-Version: 1.0
Received: by 10.229.69.30 with SMTP id x30mr1079943qci.97.1329378107745; Wed,
 15 Feb 2012 23:41:47 -0800 (PST)
Sender: jdavidlists@gmail.com
Received: by 10.229.56.12 with HTTP; Wed, 15 Feb 2012 23:41:47 -0800 (PST)
In-Reply-To: <4F3CB139.50400@lerdorf.com>
References: <4F3A5B70.3020707@co3k.org>
	<CAH-PCH5Ri0Bgmdn5AxYTFqe5VpWuLb2M0Hfn2OwCKkdEyptQ3A@mail.gmail.com>
	<CABXB=RSKVP2=w2zdFx7SLkbbBszpc3635_ehjO07=DZTHQ-xQA@mail.gmail.com>
	<4F3CB139.50400@lerdorf.com>
Date: Thu, 16 Feb 2012 02:41:47 -0500
X-Google-Sender-Auth: UdfILxXjQ863QAmNmPCEpL0zEwI
Message-ID: <CABXB=RTtv6dSAj9e2y-vAH_rD9rCj2ti+GqPPL_pX+bFsSui0w@mail.gmail.com>
To: Rasmus Lerdorf <rasmus@lerdorf.com>
Cc: Ferenc Kovacs <tyra3l@gmail.com>, internals@lists.php.net
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Subject: Re: [PHP-DEV] About CVE-2012-0831 (magic_quotes_gpc remote disable vulnerability?)
From: j.david.lists@gmail.com (J David)

On Thu, Feb 16, 2012 at 2:33 AM, Rasmus Lerdorf <rasmus@lerdorf.com> wrote:
> On 02/15/2012 11:24 PM, J David wrote:
>> The specific circumstance was that magic_quotes_gpc was being set to
>> off in Apache via php_flag, rather than in the .ini file. =A0phpinfo()
>> reported magic_quotes_gpc as Off/On, but magic quotes behavior started
>> happening anyway.
>
> Was this
> with Apache1 or 2 you saw this?

Apache 2.2 (--with-apxs2)

Hope that helps.