> I was trying to step back a bit and identify some of the patterns in
> the attacks identified in the paper.  One extremely popular pattern was
> spoofing variables by overwriting them: GET variables overwriting
> POST, usually, and I suggested that some SAPI stunt be pulled to catch
> that.

That's not the case.  The default variable_order is EGPCS which means that
POST variables will always overwrite GET variables of the same name.


PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to