Posted by Edward Vermillion on 08/26/05 13:55
Chris Shiflett wrote:
> Because $_SERVER['SERVER_NAME'] can be manipulated by the user in some
> cases, you must consider $temp tainted at this point.
>
I was under the impression that the non-'HTTP_*' keys in the
$_SERVER array came from the server itself. Obviously I'm wrong, but I'm
curious how 'SERVER_NAME' could be manipulated by the client. Is there
anything in the $_SERVER array that *can* be considered safe?