[nycphp-talk] $_SERVER['PHP_SELF'} not working?
Matt Juszczak
matt at atopia.net
Thu Jul 21 16:52:18 EDT 2005
>> You have opened a can of worms. If PHP_SELF can be tainted, are
>> you saying we shouldn't use it? It's such a valuable tool. How
>> can we guarantee its integrity?
I'm freaking out now ...
Like I had before....
<form method="post" action="<?PHP echo $_SERVER['PHP_SELF']; ?>">
appears in a LOT of my code.
Is it now crucial to switch this to:
<form method="post" action="<?PHP echo basename($_SERVER['PHP_SELF']); ?>">
Is there any circumstance which could keep me from having to switch all
this code?
-Matt
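
An added example, not part of the original message, that renders the form tag from the message with the raw value, with basename(), and with HTML escaping, so the difference is visible. The $_SERVER values and the helper names attr() and self_action() are constructed for illustration; it assumes the usual setup where PHP_SELF is SCRIPT_NAME followed by any extra path the client appended to the URL.

```php
<?php
// Added example: helper names and sample values are constructed for illustration.

/** Escape a value for use inside a quoted HTML attribute. */
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Action for a self-posting form. Uses SCRIPT_NAME, which (assumption: typical
 * Apache/CGI setups) does not carry the client-supplied trailing path that
 * PHP_SELF includes, and escapes it anyway before it reaches the page.
 */
function self_action(array $server): string
{
    return attr($server['SCRIPT_NAME'] ?? '');
}

// Constructed request data: extra path text after the script name ends up in PHP_SELF.
$server = [
    'PHP_SELF'    => '/app/form.php/" data-injected="1',
    'SCRIPT_NAME' => '/app/form.php',
];

$variants = [
    'raw PHP_SELF'        => $server['PHP_SELF'],
    'basename(PHP_SELF)'  => basename($server['PHP_SELF']),
    'escaped PHP_SELF'    => attr($server['PHP_SELF']),
    'escaped SCRIPT_NAME' => self_action($server),
];

foreach ($variants as $label => $action) {
    $html = '<form method="post" action="' . $action . '">';
    // A literal double quote in the value ends the action attribute early,
    // so whatever follows it is parsed as markup instead of as the URL.
    $status = strpos($action, '"') !== false ? 'attribute broken' : 'ok';
    printf("%-20s %-62s [%s]\n", $label, $html, $status);
}
```

basename() only strips directory components and does no HTML escaping, so the escaping step is what keeps the attribute intact.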