On Friday 27 July 2001 12:51, Marc Boeren wrote:
> if ($internal_variable == 'whatever') {
> // do something, knowing that a user could never have set this
> }
>
> The second check is where a lot of scripts are exploitable, I think, if
> register_globals=on, because programmers do not expect user-input in this
> variable.
...but will be caught perfectly by E_ALL
--
Phil Driscoll
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
- Re: [PHP-DEV] Security Issues Zeev Suraski
- Re: [PHP-DEV] Security Issues teo
- Re: [PHP-DEV] Security Issues Zeev Suraski
- Re: [PHP-DEV] Security Issues teo
- Re: [PHP-DEV] Security Issues PHP
- Re: [PHP-DEV] Security Issues Zeev Suraski
- RE: [PHP-DEV] Security Issues Marc Boeren
- RE: [PHP-DEV] Security Issues Brian Tanner
- RE: [PHP-DEV] Security Issues Marc Boeren
- RE: [PHP-DEV] Security Issues Marc Boeren
- RE: [PHP-DEV] Security Issues Phil Driscoll
- RE: [PHP-DEV] Security Issues Zeev Suraski
- Re: [PHP-DEV] Security Issues php4
- Re: [PHP-DEV] Security Issues Zeev Suraski
- Re: [PHP-DEV] Security Issues Phil Driscoll
- Re: [PHP-DEV] Security Issues Zeev Suraski
- Re: [PHP-DEV] Security Issues Andi Gutmans
- Re: [PHP-DEV] Security Issues Ramsi Sras
- Re: [PHP-DEV] Security Issues Ron Chmara
- Re: [PHP-DEV] Security Issues Zeev Suraski
- Re: [PHP-DEV] Security Issues Ramsi Sras
