Re: [PHP-DEV] HTTP-Only Patch

2006-08-10 Thread Ilia Alshanetsky
Scott, Thanks for the patch, it is now part of the 5.2 tree. Ilia -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] HTTP-Only Patch

2006-08-08 Thread steve
IE for Mac isn't part of our test suite here so I never gave it a check, frankly it's no longer supported by Microsoft or Apple and has since been superseded by Safari. Yeah save for people with MacOS9. Again, who cares? Just thought a note should go in the manual (just a comment on the cookie pa

Re: [PHP-DEV] HTTP-Only Patch

2006-08-07 Thread Scott M
Quoting steve <[EMAIL PROTECTED]>:
> Just a note -- having implemented and deployed this (in userspace, not in php itself) -- setting the http_only flag kills the cookie in IE on the Mac. One would hope no one is using such a thing anymore, but I thought I'd point it out, and I'm definitely

Re: [PHP-DEV] HTTP-Only Patch

2006-08-07 Thread steve
Just a note -- having implemented and deployed this (in userspace, not in php itself) -- setting the http_only flag kills the cookie in IE on the Mac. One would hope no one is using such a thing anymore, but I thought I'd point it out, and I'm definitely in favor of the change. Maybe it will get M

Re: [PHP-DEV] HTTP-Only Patch

2006-08-07 Thread Richard Lynch
On Mon, August 7, 2006 9:53 am, Scott MacVicar wrote:
> After we recently experienced an XSS through what can only be described as IE's shocking attempt at determining the mime type from the data and ignoring what the server sent

In case anybody finds this in a Google search, I have found

Re: [PHP-DEV] HTTP-Only Patch

2006-08-07 Thread Brian Moon
Scott MacVicar wrote: Hi, After we recently experienced an XSS through what can only be described as IE's shocking attempt at determining the mime type from the data and ignoring what the server sent we decided to look into implementing HTTP-only cookies. We know it's not a solution for preve

Re: [PHP-DEV] HTTP-Only Patch

2006-08-07 Thread Ilia Alshanetsky
Seems like a good idea to me. If no one objects I'll apply this patch, thanks Scott. Ilia Alshanetsky

[PHP-DEV] HTTP-Only Patch

2006-08-07 Thread Scott MacVicar
Hi, After we recently experienced an XSS through what can only be described as IE's shocking attempt at determining the mime type from the data and ignoring what the server sent we decided to look into implementing HTTP-only cookies. We know it's not a solution for preventing XSS, but adding