I am sorry if this is one of the FAQ.
Last time I checked (well, a few months ago), PHP has the
vulnerability that the user who submitted the form can
manipulate the global namespace to let PHP pick up arbitrary
file in the system. Can we now do safe file uploading without
turning off register_globals?
Thanks,
Steve
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
