Re: Newbie: Safe function call to a .inc file outside the web folder

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Chris Shiflett wrote:

Because $_SERVER['SERVER_NAME'] can be manipulated by the user in some cases, you must consider $temp tainted at this point.


I was under the the impression that the non-'HTTP_*' keys in the $_SERVER array came from the server itself. Obvoiusly I'm wrong, but I'm curoius how 'SERVER_NAME' could be manipulated by the client. Is there anything in the $_SERVER array that *can* be considered safe?

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux