| Sean Coates 2005-08-25, 6:56 pm |
| sean Thu Aug 25 10:54:59 2005 EDT
Modified files:
/phpdoc/en/security globals.xml
Log:
type #34245 -- also removed (poison)
http://cvs.php.net/diff.php/phpdoc/...1.5&r2=1.6&ty=u
Index: phpdoc/en/security/globals.xml
diff -u phpdoc/en/security/globals.xml:1.5 phpdoc/en/security/globals.xml:1.6
--- phpdoc/en/security/globals.xml:1.5 Sat Sep 11 09:25:09 2004
+++ phpdoc/en/security/globals.xml Thu Aug 25 10:54:47 2005
@@ -1,5 +1,5 @@
<?xml version="1.0" encoding="iso-8859-1"?>
-<!-- $Revision: 1.5 $ -->
+<!-- $Revision: 1.6 $ -->
<!-- splitted from ./index.xml, last change in rev 1.66 -->
<chapter id="security.globals">
<title>Using Register Globals</title>
@@ -14,7 +14,7 @@
directive itself isn't insecure but rather it's the misuse of it.
</para>
<para>
- When on, register_globals will inject (poison) your scripts will all
+ When on, register_globals will inject your scripts with all
sorts of variables, like request variables from HTML forms. This
coupled with the fact that PHP doesn't require variable initialization
means writing insecure code is that much easier. It was a difficult
|