Re: [PHP-DEV] Re: [VOTE] CURLFile uploading API

2013-02-01 Thread Pierrick Charron
Thanks for the example. Even if it's not frequent I agree that it doesn't cost much to prevent this issue

Pierrick

On 1 February 2013 13:04, Stas Malyshev wrote:
> Hi!
>
> > I'm not against it but, just being curious, what are those security
> > reasons ?
>
> If you ever accepted serialized dat

Re: [PHP-DEV] Re: [VOTE] CURLFile uploading API

2013-02-01 Thread Stas Malyshev
Hi!

> I'm not against it but, just being curious, what are those security
> reasons ?

If you ever accepted serialized data from outside (say, after putting it in a cookie or just having API that accepts serialization) and then forwarded the same data array using cURL, the attacker could create se

Re: [PHP-DEV] Re: [VOTE] CURLFile uploading API

2013-02-01 Thread Pierrick Charron
Hi Stas,

I'm not against it but, just being curious, what are those security reasons ?

Thanks
Pierrick

On 28 January 2013 15:01, Stas Malyshev wrote:
> Hi!
>
> > I've started a vote on CURLFile RFC:
> > https://wiki.php.net/rfc/curl-file-upload#vote
> >
> > Please vote.
>
> Looks like the feat

Re: [PHP-DEV] Re: [VOTE] CURLFile uploading API

2013-01-28 Thread Stas Malyshev
Hi!

> Looks like the feature has been approved almost anonymously, so I'll be

Unanimously of course :)
--
Stanislav Malyshev, Software Architect
SugarCRM: http://www.sugarcrm.com/
(408)454-6900 ext. 227

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.p

[PHP-DEV] Re: [VOTE] CURLFile uploading API

2013-01-28 Thread Stas Malyshev
Hi!

> I've started a vote on CURLFile RFC:
> https://wiki.php.net/rfc/curl-file-upload#vote
>
> Please vote.

Looks like the feature has been approved almost anonymously, so I'll be proceeding with merging the pull soon. I'm also planning adding __wakeup there that blocks unserializing CURLFile,