|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2014-06-03 07:45 UTC] tyrael@php.net
-Status: Open
+Status: Feedback
[2014-06-03 07:45 UTC] tyrael@php.net
[2014-06-03 08:21 UTC] fleshgrinder at gmx dot at
[2014-07-02 20:24 UTC] tyrael@php.net
-Status: Feedback
+Status: Duplicate
[2014-07-02 20:24 UTC] tyrael@php.net
|
|||||||||||||||||||||||||||
Copyright © 2001-2024 The PHP GroupAll rights reserved. |
Last updated: Fri Apr 19 00:01:29 2024 UTC |
Description: ------------ I'm running nginx which communicates via FastCGI to php-fpm. The filter_input() function doesn't validate any of the variables which are sent via FastCGI within the global $_SERVER array. Test script: --------------- <?php foreach ($_SERVER as $variable_name => $value) { var_dump($value); var_dump(filter_input(INPUT_SERVER, $variable_name, FILTER_UNSAFE_RAW)); } ?> Expected result: ---------------- The filter_input() function should validate the variable within the $_SERVER array. I know that filter_input() can't be used if you set something in your code but in my opinion it should accept the data that was sent via FastCGI. Otherwise the function is pretty useless for non Apache users. Actual result: -------------- Always returns NULL.