Re: [PHP] Newbie: Safe function call to a .inc file outside the web folder — PHP

You are here: Re: [PHP] Newbie: Safe function call to a .inc file outside the web folder « PHP « IT news, forums, messages

Posted by Edward Vermillion on 08/26/05 13:55

Chris Shiflett wrote:

> Because $_SERVER['SERVER_NAME'] can be manipulated by the user in some
> cases, you must consider $temp tainted at this point.
>

I was under the the impression that the non-'HTTP_*' keys in the
$_SERVER array came from the server itself. Obvoiusly I'm wrong, but I'm
curoius how 'SERVER_NAME' could be manipulated by the client. Is there
anything in the $_SERVER array that *can* be considered safe?

Navigation:

Next in forum: Re: [PHP] Help Needed
Prev in forum: Re: [PHP] Re: php ldap
Thread view: Re: [PHP] Newbie: Safe function call to a .inc file outside the web folder

[Reply to this message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация