Mailinglist Archive: opensuse (2859 mails)
Re: [opensuse] PHP Question
- From: "Cristian Rodriguez R." <judas_iscariote@xxxxxxxxxxxxx>
- Date: Tue, 01 May 2007 05:47:46 -0400
- Message-id: <46370CC2.2090609@xxxxxxxxxxxxx>
John D Lamb wrote:
> On Fri, 2007-04-27 at 17:26 -0400, Cristian Rodriguez R. wrote:
>> John D Lamb wrote:
>>
>>> <form method="post" action="<?php echo $SEVER['PHP_SELF']; ?>">
>>>
>>
>> Sure, and then you get a free security hole.
>
> Oops. I should have copied this instead of assuming I wouldn't make two
> errors in a single line of code.
>
Don't worry too much, this specific bug is present in a lot of
applications, even in a well-known PHP security guide that is widely
used as a good programming reference. See my blog post
http://blog.flyspray.org/archives/7-Amusing-security-hole-in-Shifletts-security-guide.html
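
The hole discussed in this message comes from echoing `PHP_SELF` unescaped into the `action` attribute. The following is an added example, not code from the thread or the linked post; the helper names and the sample request values are assumptions constructed for illustration.

```php
<?php
// Added example: form_action_unsafe() and form_action_safe() are hypothetical helpers.

// PHP_SELF is the script path plus any extra path the client appended to the URL,
// so part of it is request-controlled. Constructed sample of what $_SERVER could
// hold for a request to /form.php with markup appended to the path:
$server = [
    'PHP_SELF'    => '/form.php/"><b>injected</b>',
    'SCRIPT_NAME' => '/form.php',
];

// Before: the pattern from the thread (variable name spelled correctly).
// The quote in the appended path closes the attribute and the markup is rendered.
function form_action_unsafe(array $server): string
{
    return '<form method="post" action="' . $server['PHP_SELF'] . '">';
}

// After: take the script path without the appended part, and still escape it
// for the HTML attribute context so no server variable reaches the page raw.
function form_action_safe(array $server): string
{
    $action = htmlspecialchars($server['SCRIPT_NAME'], ENT_QUOTES, 'UTF-8');
    return '<form method="post" action="' . $action . '">';
}

// Escaping PHP_SELF itself also keeps the value inside the attribute.
function form_action_escaped_self(array $server): string
{
    $action = htmlspecialchars($server['PHP_SELF'], ENT_QUOTES, 'UTF-8');
    return '<form method="post" action="' . $action . '">';
}

echo form_action_unsafe($server), "\n";
echo form_action_safe($server), "\n";
echo form_action_escaped_self($server), "\n";
```

In a real page the helpers would be called with `$_SERVER`; an empty `action=""` also posts back to the current URL without echoing any server variable.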