Hi,

> We got close one that Jani mentioned in bug db :)
> 
> It's the user's problem, but I'm sure there are many
> scripts that do not check user input enough.
> 
> We'd probably do better to mention security risks more
> in the manual...

I fixed this issue in CVS in the way that parse_url() removes
control chars from URLs when it splits them, but in fact any URL
passed to fopen MUST be urlencode()d.

Stefan 

-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, visit: http://www.php.net/unsub.php
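
An added example, not part of the original message or of PHP's source: one way a script can follow the advice above by encoding user-supplied URL parts and refusing control characters before the URL reaches fopen(). The function names, base URL and sample input are hypothetical and constructed for illustration.

```php
<?php
// Added illustration; has_control_chars() and build_fetch_url() are
// hypothetical helper names, not functions provided by PHP.

/** True if $s contains an ASCII control character (0x00-0x1F or 0x7F). */
function has_control_chars(string $s): bool
{
    return preg_match('/[\x00-\x1F\x7F]/', $s) === 1;
}

/**
 * Build a URL for fopen() from a base the script controls and
 * untrusted parts. Each untrusted part is percent-encoded, so CR, LF
 * and other control bytes can never appear raw in the result.
 */
function build_fetch_url(string $base, string $segment, array $query = []): string
{
    $url = rtrim($base, '/') . '/' . rawurlencode($segment);
    if ($query !== []) {
        $url .= '?' . http_build_query($query, '', '&', PHP_QUERY_RFC3986);
    }
    // Defence in depth: the base is assumed trusted, but check the
    // final string anyway rather than rely on parse_url() cleaning it.
    if (has_control_chars($url)) {
        throw new InvalidArgumentException('control character in URL');
    }
    return $url;
}

// Constructed sample input containing CR/LF, as a form field might.
$untrusted = "report\r\nsecond line";

$url = build_fetch_url('http://example.com/files', $untrusted, ['q' => "a\nb"]);
echo $url, "\n";

// A complete URL taken from user input cannot be encoded piecewise,
// so the safe choice is to reject it when it carries control bytes.
$whole = "http://example.com/x\r\ny";
if (has_control_chars($whole)) {
    echo "rejected: control character in user-supplied URL\n";
} else {
    $fp = fopen($whole, 'r');
}
```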
