Marek Kilimajer wrote: > > By requesting upload_script.php?userfile=/etc/passwd and > upload_sript.php uses global variables to handle uploads. This check > should not be necessery if you are using $_FILES superglobal as php will > not accept _FILES user input. But keep the check there in case a bug > will be introduced. > > Alexander Mueller wrote:
Thanks for the explanation Marek. When I fully entered PHP's arena the global variables werent really an issue anymore, therefore I am more familiar with the $_* arrays and wondered about this paragraph. So in the good old days one could access the uploaded file by the name of the input field?! Thanks, Alexander -- PINO - The free Chatsystem! Available at http://www.pino.org -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
