 |
 |
 |
 |
|
|
Date: 08/08/01
- Next message: Zeev Suraski: "[PHP-DEV] Re: The new $_GET/POST/ENV (was: Re: [PHP-CVS] cvs: php4 / NEWS...)"
- Previous message: cynic <email protected>: "[PHP-DEV] Bug #12640 Updated: Can't find php_domxml.dll file"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[moving this to php-dev]
First: Great! Woohoo! Thanks Zeev!
On Wed, 8 Aug 2001, Zeev Suraski wrote:
>At 20:27 08-08-01, Andrei Zmievski wrote:
>>On Wed, 08 Aug 2001, Zeev Suraski wrote:
>> > Good question, open for debate... Generally I consider GPC as a group of
>> > data which cannot be trusted, since it's coming from the user. But I'm
Include cookie data in the $_FORM only if it's renamed to something
else. I wouldn't expect a variable named $_FORM to have anything but
the data which comes from forms.
>I tend to lean towards changing it from $_FORM too. Andi suggested
>$_CLIENT. Let's hear some feedback:
>
>- Keep it as $_FORM
>- $_USER
$_USER == $_EVIL
;)
--Jani
-- PHP Development Mailing List <http://www.php.net/> To unsubscribe, e-mail: php-dev-unsubscribe <email protected> For additional commands, e-mail: php-dev-help <email protected> To contact the list administrators, e-mail: php-list-admin <email protected>
- Next message: Zeev Suraski: "[PHP-DEV] Re: The new $_GET/POST/ENV (was: Re: [PHP-CVS] cvs: php4 / NEWS...)"
- Previous message: cynic <email protected>: "[PHP-DEV] Bug #12640 Updated: Can't find php_domxml.dll file"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]