PHP 4.1.0

Looks like they finally fixed PHP like I had it worked out in my head. In the new 4.1.0 version they added an option so CGI/form variables are not automatically created as PHP variables. In the example below it would be really easy to hack the script: just pass in authenticated as a CGI variable.

<?php
// $authenticated is only ever set here; it is never initialized to false.
if (authenticate_user()) {
    $authenticated = true;
}
// ...
?>
With the new version, the form variables get put in their own arrays, which you have to reference yourself. In this example it would be $_GET['authenticated']. So you have to explicitly call the variable now, which should make it more secure.
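The difference between the two behaviours, as an added example that is not part of the original post. It assumes current PHP, where the old automatic import no longer exists, so extract() is used to emulate it; authenticate_user() is a stub that always fails, legacy_check() and explicit_check() are hypothetical names, and $request is a constructed stand-in for the query string.

```php
<?php
// Added example. authenticate_user() is a stand-in that always fails,
// and $request is constructed input representing ?authenticated=1.

function authenticate_user(): bool
{
    return false; // hypothetical: no valid credentials were supplied
}

// Old behaviour: request parameters become variables in the script's scope.
// extract() emulates that automatic import (assumption for this demo).
function legacy_check(array $request): bool
{
    extract($request);             // $authenticated exists if the client sent it
    if (authenticate_user()) {
        $authenticated = true;
    }
    // The script never initialized $authenticated, so a client-supplied
    // value is indistinguishable from one set by the login check.
    return !empty($authenticated);
}

// New behaviour: parameters stay in their own array and the flag
// belongs to the script alone.
function explicit_check(array $request): bool
{
    $authenticated = false;        // initialized before use
    if (authenticate_user()) {
        $authenticated = true;
    }
    // $request['authenticated'] is never consulted for the decision.
    return $authenticated;
}

$request = ['authenticated' => '1']; // constructed input

var_dump(legacy_check($request));
var_dump(explicit_check($request));
```

Initializing the flag before the check closes the hole even where automatic import is still enabled, since the assignment overwrites whatever the request supplied.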

