[nycphp-talk] $_SERVER['PHP_SELF'} not working?
Tim Gales
tgales at tgaconnect.com
Thu Jul 21 08:21:12 EDT 2005
On Wednesday 20 July 2005 08:11 pm, cliff wrote:
> Dan:
>
> You have opened a can of worms. If PHP_SELF can be tainted, are you saying
> we shouldn't use it? It's such a valuable tool. How can we guarantee its
> integrity?
>
You could filter with a whitelist approach as suggested at:
http://phpsec.org/projects/guide/1.html
--
T. Gales & Associates
'Helping People Connect with Technology'
http://www.tgaconnect.com
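
The whitelist approach mentioned in the reply above, as an added example that is not part of the original message or of the linked guide. The script paths, the sample inputs and the function name `safe_self` are assumptions made for illustration.

```php
<?php
// Added example: allowlist of the script paths this application serves.
// These paths are hypothetical placeholders.
const ALLOWED_SELF = ['/index.php', '/contact.php', '/search.php'];

/**
 * Return a value that is safe to use as a form action. Falls back to a
 * fixed default when the request-supplied PHP_SELF is not an exact match
 * for an entry in the allowlist.
 */
function safe_self(array $server, string $default = '/index.php'): string
{
    $self = $server['PHP_SELF'] ?? '';
    // Strict, whole-string comparison: a value with trailing path info
    // such as "/contact.php/anything" is rejected, not trimmed or repaired.
    if (is_string($self) && in_array($self, ALLOWED_SELF, true)) {
        return $self;
    }
    return $default;
}

// Constructed sample values, not taken from a real request.
$samples = [
    '/contact.php',             // exact match: accepted
    '/contact.php/"><b>x</b>',  // extra path info carrying markup: rejected
    '/admin.php',               // not in the list: rejected
];

foreach ($samples as $tainted) {
    $action = safe_self(['PHP_SELF' => $tainted]);
    // Escape on output as well, so an error in the list cannot reach HTML.
    printf(
        "%-28s => <form action=\"%s\" method=\"post\">\n",
        $tainted,
        htmlspecialchars($action, ENT_QUOTES, 'UTF-8')
    );
}
```

In a page, the call would be `safe_self($_SERVER)`.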