On 03/14/2012 02:46 PM, Anthony Ferrara wrote: >> But Pierre, you understand that by the time you ini_set() it in the code >> it can only ever affect parse_str() calls. > > Well, wouldn't INI_ALL would allow .htaccess files to override that > statement, and hence open the vulnerability?
No because it is already PERDIR. -Rasmus -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php