Package: php4 Version: 4:4.3.10-16 Followup-For: Bug #336645
http://www.hardened-php.net/index.76.html This page explains why the so-called 'globals overwrite' bug matters, even regardless of the register_globals setting. To put it briefly, the $GLOBALS array can be accessed directly by other functions that assume a propar initialization that might have been destroyed by the overwrite. Not sure that is clear enough, read the page above if not. My point is: this has close to nothing to do with register_globals. There's a serious security issue, it needs to be fixed. Any pointers on the actual patch applied in 4.4.1? Thanks, A. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
