On Mon, Nov 7, 2011 at 4:30 PM, Steve Meyers <[email protected]> wrote: > That assumes that you have register_globals enabled, which implies that you > don't care about security anyway.
Not necessarily. The old import() function appears to be gone (thank goodness) but we still have import_request_variables() and extract() which appear somewhat better than import() but could still potentially land you in the same boat: http://us.php.net/manual/en/function.import-request-variables.php http://us.php.net/manual/en/function.extract.php -Dan _______________________________________________ UPHPU mailing list [email protected] http://uphpu.org/mailman/listinfo/uphpu IRC: #uphpu on irc.freenode.net
