Re: [PHP-DEV] Security Issues - a bit of my experience

2001-07-30 Thread Ramsi Sras
UNSUBSCRIBE ME PLEASE!! Stephen van Egmond wrote: Rasmus Lerdorf ([EMAIL PROTECTED]) wrote: > Think about whether in each of these cases it would have happened if the > developers of the app had developed with E_NOTICE on. In a high number of > these cases it probably wouldn't. And

Re: [PHP-DEV] Security Issues - a bit of my experience

2001-07-30 Thread Ramsi Sras
UNSUBSCRIBE ME PLEASE!! Stephen van Egmond wrote: Zeev Suraski ([EMAIL PROTECTED]) wrote: > - register_globals=on leads to insecure code, which was demonstrated time > and time again in the past. > - Once it's off, we're going to provide methods of accessing variables > which are

Re: [PHP-DEV] Security Issues - a bit of my experience

2001-07-30 Thread Ramsi Sras
UNSUBSCRIBE ME PLEASE!!UNSUBSCRIBE ME PLEASE!!UNSUBSCRIBE ME PLEASE!!UNSUBSCRIBE ME PLEASE!!UNSUBSCRIBE ME PLEASE!!UNSUBSCRIBE ME PLEASE!! Zeev Suraski wrote: At 21:34 29/07/2001, Stephen van Egmond wrote: >Zeev Suraski

Re: [PHP-DEV] Security Issues - a bit of my experience

2001-07-30 Thread Phil Driscoll
On Sunday 29 July 2001 19:42, Stephen van Egmond wrote: will produce warnings if $x is not set. If you don't want the warnings, you have to replace it with: if (isset($x) && $x) { } if it's set and it's true...? ugh. One is then tempted to look for replacement

Re: [PHP-DEV] Security Issues - a bit of my experience

2001-07-30 Thread Zeev Suraski
At 01:22 30/07/2001, Phil Driscoll wrote: I agree - to my mind empty is broken in this respect and also in the respect that it returns true for a string containing '0'. Consequently I (and I assume everyone else, unless I'm missing some occasion that this behaviour is useful) can never use empty

Re: [PHP-DEV] Security Issues - a bit of my experience

2001-07-30 Thread Stephen van Egmond
Zeev Suraski ([EMAIL PROTECTED]) wrote: I don't think we can change the behavior of empty() at this stage... isempty()? -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list

Re: [PHP-DEV] Security Issues - a bit of my experience

2001-07-30 Thread Jeffrey A . Stuart
AMEN! I PERSONALLY DO NOT consider it a PIA to have to access the variables via $HTTP_POST... What I USUALLY do is something like this: $fldform_var1 = $HTTP_POST_VARS['form_var1']; etc. This way, I'm GUARANTEED that I got the variable FROM the location that I was expecting. Then, I refer

Re: [PHP-DEV] Security Issues - a bit of my experience

2001-07-30 Thread Sterling Hughes
On Mon, 30 Jul 2001, Ramsi Sras wrote: Hey, idiot. you can just send a message to [EMAIL PROTECTED], stop spamming my mailbox, or else you'll be subscribed to a lot more mailing lists than you ever wanted. -Sterling UNSUBSCRIBE ME PLEASE!!UNSUBSCRIBE ME

Re: [PHP-DEV] Security Issues - a bit of my experience

2001-07-29 Thread Stephen van Egmond
Rasmus Lerdorf ([EMAIL PROTECTED]) wrote: Think about whether in each of these cases it would have happened if the developers of the app had developed with E_NOTICE on. In a high number of these cases it probably wouldn't. And if this number is close to 100%, then it would point to the fact

Re: [PHP-DEV] Security Issues - a bit of my experience

2001-07-29 Thread Zeev Suraski
What you ignored completely are three facts: - register_globals=on leads to insecure code, which was demonstrated time and time again in the past. - Once it's off, we're going to provide methods of accessing variables which are just as easy, and quite easier in case you access them from

Re: [PHP-DEV] Security Issues - a bit of my experience

2001-07-29 Thread Stephen van Egmond
Zeev Suraski ([EMAIL PROTECTED]) wrote: - register_globals=on leads to insecure code, which was demonstrated time and time again in the past. - Once it's off, we're going to provide methods of accessing variables which are just as easy, and quite easier in case you access them from

Re: [PHP-DEV] Security Issues - a bit of my experience

2001-07-29 Thread Rasmus Lerdorf
I was trying to step back a bit and identify some of the patterns in the attacks identified in the paper. One extremely popular pattern was spoofing variables by overwriting them: GET variables overwriting POST, usually, and I suggested that some SAPI stunt be pulled to catch that. That's

Re: [PHP-DEV] Security Issues - a bit of my experience

2001-07-29 Thread Zeev Suraski
At 21:34 29/07/2001, Stephen van Egmond wrote: Zeev Suraski ([EMAIL PROTECTED]) wrote: - register_globals=on leads to insecure code, which was demonstrated time and time again in the past. - Once it's off, we're going to provide methods of accessing variables which are just as easy, and
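The two hazards argued over in this thread, a request variable spoofing an unset local under register_globals=on and empty() treating a submitted '0' as nothing, as an added example that is not code from any of the posts above. register_globals was removed in PHP 5.4, so extract() emulates it here; the request arrays are constructed rather than taken from a live request, and check_password(), login_with_register_globals(), login_explicit() and field_missing() are this example's own names, not PHP functions or anything proposed on the list.

```php
<?php
// Added example, not code from the php-dev thread above. register_globals
// no longer exists, so extract() stands in for it; $get and $post are
// constructed to model one HTTP request, and check_password() is a
// hypothetical stand-in for a real credential check.
error_reporting(E_ALL);

// Constructed request: the login form POSTed bad credentials, and the
// attacker also appended ?authorized=1 to the URL.
$get  = array('authorized' => '1');
$post = array('user' => 'alice', 'pass' => 'wrong', 'qty' => '0');

function check_password($user, $pass) {
    // Hypothetical stand-in: alice's real password is 's3cret'.
    return $user === 'alice' && $pass === 's3cret';
}

// Vulnerable pattern: trusts whatever variables the request registered.
function login_with_register_globals(array $get, array $post) {
    // Emulates register_globals with the default variables_order (GPC):
    // GET is imported first and POST after it, so a later array overrides
    // an earlier one, and anything only the attacker sent simply survives.
    extract($get);
    extract($post);
    if (check_password($user, $pass)) {
        $authorized = true;
    }
    // On the failure path $authorized was never initialised. With a clean
    // request this read raises the undefined-variable notice (a warning on
    // PHP 8) that Rasmus refers to; with ?authorized=1 the request supplies
    // the value and the check passes.
    if ($authorized) {
        return true;
    }
    return false;
}

// Hardened pattern: initialise every flag, read input only from the array
// the form is expected to use, and never let the request name local
// variables. In PHP 4 terms the array would be $HTTP_POST_VARS.
function login_explicit(array $post) {
    $authorized = false;
    $user = isset($post['user']) ? $post['user'] : '';
    $pass = isset($post['pass']) ? $post['pass'] : '';
    if (check_password($user, $pass)) {
        $authorized = true;
    }
    return $authorized;
}

// The isempty() idea from the thread: "missing" means not submitted or the
// empty string, so a submitted '0' still counts as a value, unlike empty().
function field_missing(array $vars, $name) {
    return !isset($vars[$name]) || $vars[$name] === '';
}

var_dump(login_with_register_globals($get, $post));    // request names $authorized
var_dump(login_with_register_globals(array(), $post)); // same code, no GET spoof
var_dump(login_explicit($post));                       // explicit reads only
var_dump(empty($post['qty']));                         // how empty() sees '0'
var_dump(field_missing($post, 'qty'));                 // how field_missing() sees '0'
var_dump(field_missing($post, 'missing'));             // a field never submitted
```

Run it with the php CLI. The first call accepts the wrong password because the URL named $authorized for the script; the second call, with no GET spoof, is where developing with E_NOTICE on would have flagged the uninitialised read. login_explicit() rejects the login either way, since nothing in the request can become a local variable. The last three lines show the empty() complaint from the thread: '0' is a real submitted value, and a check built on isset() plus a strict comparison to '' keeps it, where empty() discards it.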