[nycphp-talk] $_SERVER['PHP_SELF'} not working?
George Schlossnagle
george at omniti.com
Thu Jul 21 09:15:38 EDT 2005
On Jul 21, 2005, at 8:54 AM, csnyder wrote:
> On 7/20/05, Daniel Convissor <danielc at analysisandsolutions.com> wrote:
>
>
>> More importantly, PHP_SELF can be tainted by users. Don't assume
>> it's
>> safe.
>>
>
> Hmm. How does $_SERVER['PHP_SELF'] get tainted by users?
By appending parameters to the uri you're requesting, i.e. requesting
http://example.com/?$BAD_STUFF_HERE
George
More information about the talk
mailing list