Dialup admin error

Michael J Humphries mhumphries at dstech.us
Thu Mar 4 00:28:00 CET 2010 

radiusd: FreeRADIUS Version 1.1.8, for host i686-pc-linux-gnu, built on Mar  3 2010 at 18:01:19

here is the exact error I am getting

Warning: import_request_variables() [function.import-request-variables]: Numeric key detected - possible security hazard. in /usr/local/dialup_admin/conf/config.php3  on line 8

here is the code from dialup admin (config.php3)

<?php
#
# Things should work even if register_globals is set to off
#
$testVer=intval(str_replace(".", "",'4.1.0'));
$curVer=intval(str_replace(".", "",phpversion()));
if( $curVer >= $testVer )
        import_request_variables('GPC');
# If using sessions set use_session to 1 to also cache the config file
#
$use_session = 0;
if ($use_session){
        // Start session
        @session_start();
}
if (!isset($config)){
        unset($nas_list);
        $ARR=file("../conf/admin.conf");
        $EXTRA_ARR = array();
        foreach($ARR as $val) {
                $val=chop($val);
                if (ereg('^[[:space:]]*#',$val) || ereg('^[[:space:]]*$',$val))
                        continue;


There are no errors in the error_log file in apache

As far as the procedure I was doing I was attempting to change a user password through the edit user screen.

Thank you for choosing 
--
Michael J Humphries 


Penstar Office Center, Suite 101
1431 N. 26th Street
Escanaba, MI 49829
Phone: 906.786.3583 ext. 139
Fax: 906.786.4300
E-Mail: mhumphries at dstech.us
www.dstech.us


-----Original Message-----
From: Steve Bertrand [mailto:steve at ibctech.ca] 
Sent: Tuesday, March 02, 2010 8:36 PM
To: FreeRadius users mailing list
Cc: Michael J Humphries
Subject: Re: Dialup admin error

On 2010.03.02 15:38, Michael J Humphries wrote:
> We had to reboot the Radius server and ever since then I am getting the
> following error when I try to edit someones account in Dialup admin
> 
> *Warning*: import_request_variables() [function.import-request-variables
> <http://69.54.213.8/dialup_admin/htdocs/function.import-request-variables>]:
> Numeric key detected - possible security hazard. in
> */usr/local/dialup_admin/conf/config.php3* on line *8*
> 
> *Any ideas*

What version of FreeRADIUS?

I don't know if the dialup_admin code has been changed in recent
versions of FreeRADIUS or not, but you might want to paste the code in
question (five lines previous, and five lines following) in the
offending file.

Also, posting what you attempted to enter, and what your web server log
file states would also be relevant.

This isn't a FreeRADIUS problem fwiw. It is a problem with your setup.
I'm not trying to be ignorant, I'm just attempting to get that out of
the way. This is third party code you are having an issue with.

Post what I asked for. Someone here will be able to guide you to an
appropriate resource if they can't help directly.

Steve

More information about the Freeradius-Users mailing list