[nycphp-talk] $_SERVER['PHP_SELF'} not working?

George Schlossnagle george at omniti.com
Thu Jul 21 09:15:38 EDT 2005


On Jul 21, 2005, at 8:54 AM, csnyder wrote:

> On 7/20/05, Daniel Convissor <danielc at analysisandsolutions.com> wrote:
>
>
>> More importantly, PHP_SELF can be tainted by users.  Don't assume
>> it's safe.
>>
>
> Hmm. How does $_SERVER['PHP_SELF'] get tainted by users?

By appending parameters to the uri you're requesting, i.e. requesting

http://example.com/?$BAD_STUFF_HERE

George
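
A defensive handling of the value discussed in this thread, as an added example that is not part of the original messages. It assumes the user-supplied text reaches `PHP_SELF` as extra characters after the script path; the function names and the `$_SERVER` sample arrays are constructed for illustration.

```php
<?php
// Added example, not code from the thread. The arrays below are constructed
// samples standing in for what the web server would place in $_SERVER.

/** True when PHP_SELF holds anything other than the server-resolved script path. */
function php_self_is_tainted(array $server): bool
{
    return ($server['PHP_SELF'] ?? '') !== ($server['SCRIPT_NAME'] ?? '');
}

/**
 * Value suitable for an HTML attribute such as a form action.
 * Uses SCRIPT_NAME instead of PHP_SELF and encodes it for the output context.
 */
function form_action(array $server): string
{
    return htmlspecialchars(
        $server['SCRIPT_NAME'] ?? '',
        ENT_QUOTES | ENT_SUBSTITUTE,
        'UTF-8'
    );
}

/** Escaped copy of PHP_SELF, for pages that must echo the full requested path. */
function escaped_php_self(array $server): string
{
    return htmlspecialchars($server['PHP_SELF'] ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$samples = [
    'clean'   => ['SCRIPT_NAME' => '/form.php', 'PHP_SELF' => '/form.php'],
    // Constructed tainted value: markup appended after the script path.
    'tainted' => ['SCRIPT_NAME' => '/form.php', 'PHP_SELF' => '/form.php/"><b>injected</b>'],
];

foreach ($samples as $label => $server) {
    printf("[%s] tainted: %s\n", $label, php_self_is_tainted($server) ? 'yes' : 'no');
    // Raw echo: the quote in the tainted sample closes the attribute early.
    printf("  raw:     <form action=\"%s\">\n", $server['PHP_SELF']);
    // Encoded PHP_SELF: the same characters stay inside the attribute as text.
    printf("  escaped: <form action=\"%s\">\n", escaped_php_self($server));
    // SCRIPT_NAME: the appended part never reaches the page at all.
    printf("  script:  <form action=\"%s\">\n", form_action($server));
}
```

Run with `php` on the command line; the three printed lines per sample show the raw, encoded and `SCRIPT_NAME`-based attribute side by side.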



