On 15-Dec-06, at 7:01 PM, Stanislav Malyshev wrote:
the harm. One simple exploit leading to information disclosure is
to pass it an array() causing the function to generate an error
exposing the script's path.
You mean when running with display_errors = on? Ouch.
Something that most servers do (almost 80% by recent stats).
http://www.nexen.net/images/stories/phpinfos/display_errors.png
Ilia Alshanetsky
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
