Re: Why most run Microsoft, not RedHat

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


Kelly <lightsolphoenix@xxxxxxxxx> writes:

> The problem was, originally PHP would create variables with the names of the 
> HTML elements they were originally taken from (&lt;input type="text" 
> name="test"&gt; would become $test in PHP).  Most authors used this feature 
> without thinking, because it was convinient.  But it allows for a bunch of 
> serious attacks from the outside, especially if it is used in conjunction 
> with database queries.
> Safe mode causes those elements to not be registered, forcing the author to 
> access the variables using the special superarrays ($_GET, $_POST, $_COOKIE, 
> etc.), which prevents the aforementioned attacks.  They didn't just change it 
> because it would have broken compatibility with older scripts; the general 
> hope was that it would slowly be turned on over time.
> At least, that's what I seem to recall.

I think you are wrong. The above behaviour is controlled by the
register_globals variable in php.ini. Thus, there must be some other use
for safe-mode.


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux