Chris Shiflett wrote:
Because $_SERVER['SERVER_NAME'] can be manipulated by the user in some cases, you must consider $temp tainted at this point.
I was under the the impression that the non-'HTTP_*' keys in the $_SERVER array came from the server itself. Obvoiusly I'm wrong, but I'm curoius how 'SERVER_NAME' could be manipulated by the client. Is there anything in the $_SERVER array that *can* be considered safe?
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
