Re: [PHP-DEV] Re: The new $_GET/POST/ENV (was: Re: [PHP-CVS] cvs: php4 / NEWS...)

2001-08-09 Thread teo

Hi Jason!
On Wed, 08 Aug 2001, Jason Greene wrote:

 From: Zeev Suraski [EMAIL PROTECTED]
  My top of the list is:
  
  $_REQUEST
  $_EVIL (Andi and I think it's really pretty good, but we both figured we'll 
  end up going with a different alternative :)
 
 What about $_TAINTED ?
 
For non-English people REQUEST is a more familiar word than TAINTED. I only
encountered it when studying JS security.

-- teodor

-- 
PHP Development Mailing List http://www.php.net/
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




Re: [PHP-DEV] Re: The new $_GET/POST/ENV (was: Re: [PHP-CVS] cvs: php4 / NEWS...)

2001-08-09 Thread Jeroen van Wolffelaar

  What about $_TAINTED ?
  
 For non-English people REQUEST is a more familiar word than TAINTED. I only
 encountered it when studying JS security.

+1, tainted? I needed a dictionary for that...

 
 -- teodor






Re: [PHP-DEV] Re: The new $_GET/POST/ENV (was: Re: [PHP-CVS] cvs: php4 / NEWS...)

2001-08-08 Thread Jason Greene


- Original Message - 
From: Zeev Suraski [EMAIL PROTECTED]
To: Jani Taskinen [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Wednesday, August 08, 2001 1:02 PM
Subject: [PHP-DEV] Re: The new $_GET/POST/ENV (was: Re: [PHP-CVS] cvs: php4 / NEWS...)


 At 21:01 08-08-01, Jani Taskinen wrote:
 
 [moving this to php-dev]
 
 First: Great! Woohoo! Thanks Zeev!
 
 Andi helped with it too :)
 
  I vote for $_EVIL :)

Well, that would inspire programmers to be more security conscious with that data :)


 
 Zeev
 
 






Re: [PHP-DEV] Re: The new $_GET/POST/ENV (was: Re: [PHP-CVS] cvs: php4 / NEWS...)

2001-08-08 Thread Cynic

At 20:02 8/8/2001, Zeev Suraski wrote the following:
-- 
At 21:01 08-08-01, Jani Taskinen wrote:

[moving this to php-dev]

First: Great! Woohoo! Thanks Zeev!

Andi helped with it too :)

I vote for $_EVIL :)

How about $_DONT_TOUCH_THIS ? :)
Seriously though, I vote for $_REQUEST. After all, it contains
data which is (generally) tied to one particular request...




[EMAIL PROTECTED]
-
And the eyes of them both were opened and they saw that their files
were world readable and writable, so they chmoded 600 their files.
- Book of Installation chapt 3 sec 7 






Re: [PHP-DEV] Re: The new $_GET/POST/ENV (was: Re: [PHP-CVS] cvs: php4 / NEWS...)

2001-08-08 Thread Jason Greene

How about $_COULDCONTAINSHELLCODE?

-jason

- Original Message - 
From: Jani Taskinen [EMAIL PROTECTED]
To: Zeev Suraski [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Wednesday, August 08, 2001 1:09 PM
Subject: Re: [PHP-DEV] Re: The new $_GET/POST/ENV (was: Re: [PHP-CVS] cvs: php4 / 
NEWS...)


 On Wed, 8 Aug 2001, Zeev Suraski wrote:
 
 At 21:01 08-08-01, Jani Taskinen wrote:
 
 [moving this to php-dev]
 
 First: Great! Woohoo! Thanks Zeev!
 
 Andi helped with it too :)
 
 Ah. Thanks Andi! :)
 
 I vote for $_EVIL :)
 
 I am not kidding. Naming it like that would definitely
 be a clear sign for everyone that this stuff is not safe
 to use just as it is.
 
 --Jani
 
 
 






Re: [PHP-DEV] Re: The new $_GET/POST/ENV (was: Re: [PHP-CVS] cvs: php4 / NEWS...)

2001-08-08 Thread Cynic

At 20:14 8/8/2001, Jani Taskinen wrote the following:
-- 
On Wed, 8 Aug 2001, Cynic wrote:

How about $_DONT_TOUCH_THIS ? :)
Seriously though, I vote for $_REQUEST. After all, it contains
data which is (generally) tied to one particular request...

This reminds me: should $_FILES be included in this
data too? It's also something you shouldn't trust, and
it's also coming from the user.

--Jani

Yeah. And $_SESSION too.







Re: [PHP-DEV] Re: The new $_GET/POST/ENV (was: Re: [PHP-CVS] cvs: php4 / NEWS...)

2001-08-08 Thread Jason Greene

What about using the acronyms in any combination?

like $_GPC
and $_GC
and etc

-Jason




Re: [PHP-DEV] Re: The new $_GET/POST/ENV (was: Re: [PHP-CVS] cvs: php4 / NEWS...)

2001-08-08 Thread Zeev Suraski

At 21:14 08-08-01, Jani Taskinen wrote:
On Wed, 8 Aug 2001, Cynic wrote:

 At 20:02 8/8/2001, Zeev Suraski wrote the following:
 --
 At 21:01 08-08-01, Jani Taskinen wrote:
 
 [moving this to php-dev]
 
 First: Great! Woohoo! Thanks Zeev!
 
 Andi helped with it too :)
 
 I vote for $_EVIL :)
 
 How about $_DONT_TOUCH_THIS ? :)
 Seriously though, I vote for $_REQUEST. After all, it contains
 data which is (generally) tied to one particular request...

This reminds me: should $_FILES be included in this
data too? It's also something you shouldn't trust, and
it's also coming from the user.

Yep, $_FILES should probably be there too.

Zeev






Re: [PHP-DEV] Re: The new $_GET/POST/ENV (was: Re: [PHP-CVS] cvs: php4 / NEWS...)

2001-08-08 Thread Zeev Suraski

My top of the list is:

$_REQUEST
$_EVIL (Andi and I think it's really pretty good, but we both figured we'll 
end up going with a different alternative :)

Zeev


--
Zeev Suraski [EMAIL PROTECTED]
CTO & co-founder, Zend Technologies Ltd. http://www.zend.com/






Re: [PHP-DEV] Re: The new $_GET/POST/ENV (was: Re: [PHP-CVS] cvs: php4 / NEWS...)

2001-08-08 Thread Jason Greene


- Original Message - 
From: Zeev Suraski [EMAIL PROTECTED]
To: Jason Greene [EMAIL PROTECTED]
Cc: Jani Taskinen [EMAIL PROTECTED]; Cynic [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Wednesday, August 08, 2001 1:20 PM
Subject: Re: [PHP-DEV] Re: The new $_GET/POST/ENV (was: Re: [PHP-CVS] cvs: php4 / 
NEWS...)


 My top of the list is:
 
 $_REQUEST
 $_EVIL (Andi and I think it's really pretty good, but we both figured we'll 
 end up going with a different alternative :)

What about $_TAINTED ?

-Jason

 




Re: [PHP-DEV] Re: The new $_GET/POST/ENV (was: Re: [PHP-CVS] cvs: php4 / NEWS...)

2001-08-08 Thread Cynic

At 20:33 8/8/2001, Jani Taskinen wrote the following:
-- 
On Wed, 8 Aug 2001, Cynic wrote:
Yeah. And $_SESSION too.

Nope. It doesn't come from the user.

Err, you're right.








Re: [PHP-DEV] Re: The new $_GET/POST/ENV (was: Re: [PHP-CVS] cvs: php4 / NEWS...)

2001-08-08 Thread Wez Furlong

On 08/08/01, Jani Taskinen [EMAIL PROTECTED] wrote:
 On Wed, 8 Aug 2001, Cynic wrote:
 Yeah. And $_SESSION too.
 Nope. It doesn't come from the user.

But it would be useful for $_SESSION to have the same global scope as
these new vars.

--Wez.


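The point the thread keeps returning to, shown as an added PHP example that is not code from the thread or from PHP itself (it assumes PHP 7.1 or later, constructs its own request data, and the helper names `untrusted_int` and `safe_upload_name` are mine): everything that arrives from the client, including the client-supplied fields of $_FILES, is validated before use, while $_SESSION is server-side state.

```php
<?php
// Added example, not code from the thread. Everything below that comes from
// the client (GET, POST, COOKIE, the merged $_REQUEST, and the client-supplied
// fields of $_FILES) is validated before use; $_SESSION is server-side state.

// $_REQUEST merges GET, POST and COOKIE, so the same key can arrive from a
// source the script did not expect; read the specific source where it matters.
function untrusted_int(array $source, string $key, int $min, int $max): ?int
{
    if (!isset($source[$key]) || !is_string($source[$key])) {
        return null; // missing, or an array smuggled in as id[]=...
    }
    $v = filter_var($source[$key], FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]);
    return $v === false ? null : $v; // "12abc", "1e3", "-1" are all rejected
}

// In $_FILES, 'name' and 'type' are chosen by the client and are exactly as
// untrusted as a POST field; 'tmp_name' and 'error' are filled in by PHP.
function safe_upload_name(array $file): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return null;
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        return null; // tmp_name does not belong to this request's upload
    }
    $base = basename($file['name']); // drop client-supplied directory parts
    if (!preg_match('/^[A-Za-z0-9._-]{1,64}$/', $base) || $base[0] === '.') {
        return null; // no empty names, dotfiles, spaces or shell metacharacters
    }
    return $base;
}

// Constructed request data so the script runs without a live request.
$_GET = ['id' => '42'];
$_FILES = ['doc' => [
    'name' => '../../etc/passwd', 'type' => 'text/plain',
    'tmp_name' => '/tmp/phpAbC123', 'error' => UPLOAD_ERR_OK, 'size' => 12,
]];

var_dump(untrusted_int($_GET, 'id', 1, 100000));
var_dump(safe_upload_name($_FILES['doc']));
// $_SESSION is not user input unless the script itself copied unvalidated
// request data into it; validate at the boundary, before anything is stored.
```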




Re: [PHP-DEV] Re: The new $_GET/POST/ENV (was: Re: [PHP-CVS] cvs: php4 / NEWS...)

2001-08-08 Thread Thies C. Arntzen

On Wed, Aug 08, 2001 at 09:20:55PM +0300, Zeev Suraski wrote:
 My top of the list is:
 
 $_REQUEST

$_REQ would be even nicer - and less to type without hiding
the meaning.

 $_EVIL (Andi and I think it's really pretty good, but we both figured we'll 
 end up going with a different alternative :)

Evil might cause some moral/religious problems for some people;
I don't think anything in PHP should be called like that.

tc





Re: [PHP-DEV] Re: The new $_GET/POST/ENV (was: Re: [PHP-CVS] cvs: php4 / NEWS...)

2001-08-08 Thread Andrei Zmievski

On Wed, 08 Aug 2001, Thies C. Arntzen wrote:
 On Wed, Aug 08, 2001 at 09:20:55PM +0300, Zeev Suraski wrote:
  My top of the list is:
  
  $_REQUEST
 
 $_REQ would be even nicer - and less to type without hiding
 the meaning.

The Perl meter is registering a non-zero reading here.

 Evil might cause some moral/religious problems for some people;
 I don't think anything in PHP should be called like that.

You mean like easter_date()?

-Andrei

'Any given program, when running correctly, is obsolete.'
  - First Law of Computer Programming





Re: [PHP-DEV] Re: The new $_GET/POST/ENV (was: Re: [PHP-CVS] cvs: php4 / NEWS...)

2001-08-08 Thread Zeev Suraski

At 22:13 08-08-01, Thies C. Arntzen wrote:
On Wed, Aug 08, 2001 at 09:20:55PM +0300, Zeev Suraski wrote:
  My top of the list is:
 
  $_REQUEST

 $_REQ would be even nicer - and less to type without hiding
 the meaning.

I agree with Andrei on this one...

  $_EVIL (Andi and I think it's really pretty good, but we both figured 
 we'll
  end up going with a different alternative :)

 Evil might cause some moral/religious problems for some people;
 I don't think anything in PHP should be called like that.

Hmm, interesting point :)

Zeev

