On Saturday 28 July 2001 20:52, Zeev Suraski wrote:

a rebuff to each of my arguments :)

Rather than prolong the agony, my point is that in all the cases where a 
malicious user has the chance to inject a dodgy variable, the code must 
normally have a logic path which allows the code to pass through an undefined 
usage of that variable. In testing the code with E_NOTICE on, a warning 
message will be displayed. The warning message could be beefed up to scare 
the user a bit more, but for me it is this that hits the nail on the head.

I can assure you that the monkeys will screw things up however you change 
the code :)

That said, it's easy to live with the proposal, especially with the 
import_globals() functions.

Cheers
-- 
Phil Driscoll
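
The logic path this message describes, as an added example that is not part of the original e-mail or of PHP's own code: a variable assigned only on the success path produces an undefined-variable diagnostic in an ordinary test run, and the same path is where an imported request parameter takes effect. Assumptions: extract() stands in for register_globals, and the function names, password and request arrays are constructed for illustration.

```php
<?php
// Added example. extract() simulates register_globals, which copied request
// parameters into variables. All names and inputs here are constructed.

$diagnostics = [];
set_error_handler(function (int $level, string $message) use (&$diagnostics): bool {
    $diagnostics[] = $message;   // collect diagnostics instead of printing them
    return true;
}, E_ALL);                       // undefined variable: E_NOTICE in PHP 5/7, E_WARNING in PHP 8

// Flawed: $authorized is assigned only when the password matches.
function check_flawed(array $request): string
{
    extract($request);           // simulated register_globals import
    if (isset($password) && $password === 'correct-horse') {
        $authorized = true;
    }
    return $authorized ? 'granted' : 'denied';   // undefined on the failure path
}

// Corrected: initialised after the import, so no undefined path remains
// and an imported value of the same name is overwritten.
function check_fixed(array $request): string
{
    extract($request);
    $authorized = false;
    if (isset($password) && $password === 'correct-horse') {
        $authorized = true;
    }
    return $authorized ? 'granted' : 'denied';
}

// 1. Ordinary test run, wrong password: the diagnostic flags the flaw.
echo check_flawed(['password' => 'wrong']), "\n";
echo implode("\n", $diagnostics), "\n";

// 2. Same code, request carries a parameter named like the variable:
//    the variable is now defined, so no diagnostic is raised at all.
$diagnostics = [];
echo check_flawed(['password' => 'wrong', 'authorized' => '1']), "\n";
echo count($diagnostics), " diagnostics\n";

// 3. Corrected version with the same request.
echo check_fixed(['password' => 'wrong', 'authorized' => '1']), "\n";
```

The diagnostic appears only in the run without the extra parameter, so it is a signal for testing with full error reporting rather than something that fires when the parameter is supplied.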
