Edward Vermillion wrote:
I was under the impression that the non-'HTTP_*' keys in the
$_SERVER array came from the server itself.
All of that data comes from the server, but it's difficult to determine
which data can be influenced by information within the HTTP request. In
other words, yo
Richard Lynch wrote:
Disclaimer: I really have no idea how it could harm you, but if Chris
Shiflett warns against it, don't do it. :-)
That was the assumption I was running under, which is why I was very
curious about it. ;)
Thanks for the explanation. I'm still not 100% on how a request
On Fri, August 26, 2005 5:55 am, Edward Vermillion wrote:
> Chris Shiflett wrote:
>
>> Because $_SERVER['SERVER_NAME'] can be manipulated by the user in
>> some
>> cases, you must consider $temp tainted at this point.
>>
>
> I was under the impression that the non-'HTTP_*' keys in the
> $_SERVE
Chris Shiflett wrote:
Because $_SERVER['SERVER_NAME'] can be manipulated by the user in some
cases, you must consider $temp tainted at this point.
I was under the impression that the non-'HTTP_*' keys in the
$_SERVER array came from the server itself. Obviously I'm wrong, but I'm
curoi
Graham Anderson wrote:
Is there some other reasonably safe way to call to the script outside
the web folder?
Assuming you don't have too many hosts, a better way to write this:
$brainPath = "/home/".$server."/includes/fonovisa.inc";
is to use a switch statement to make sure $server is valid
Is there some other reasonably safe way to call to the script outside
the web folder?
Or, is there some other secure method to get the server name?
As an alternative:
I tried using a relative path: FROM the php script location TO the
fono.inc script location outside the web folder
$mypath =
Graham Anderson wrote:
Is the below reasonably safe?
I have all of my main functions outside the web folder
I am including this function with every php script that
accesses fonovisa.inc
function getBrain()
{
$temp = explode('.', $_SERVER['SERVER_NAME']);
Because $_SERVER['SERVER_NAME'] c
7 matches