|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2003-12-21 12:40 UTC] derick@php.net
|
|||||||||||||||||||||||||||
Copyright © 2001-2024 The PHP GroupAll rights reserved. |
Last updated: Fri Nov 01 01:01:28 2024 UTC |
Description: ------------ It is possible to post data to an script on an external server. I find this a huge bug in the php api, because of this harmfull persons can add/alter any kind of data to a script. Will this be resolved in a future PHP version? Reproduce code: --------------- [external server] <?php ini_set("register_globals", 1); $variabel = $_POST["test_var"]; if(!empty($variabel)){ print "This is the bug I'm talking about"; } ?> [other server] <form method="post" action="http://my.external.site/externalphpscript.php"> <input type="text" name="test_var"> <input type="submit" value="Test"> </form> Expected result: ---------------- This is the bug I'm talking about