> Last time I checked (well, a few months ago), PHP has the
> vulnerability that the user who submitted the form can
> manipulate the global namespace to let PHP pick up arbitrary
> file in the system. Can we now do safe file uploading without
> turning off register_globals?
Yes, this was fixed a while ago. In PHP 4.0.3 I believe.
-Rasmus
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]