On Wed, February 1, 2012 00:38, Filipus Klutiero wrote:
>>>> when used by sloppy developers (for example: not checking the contents
>>>> of a tar file before extracting it, using unserialize() on
>>>> untrusted data, or relying on a specific value of short_open_tag).
> I understand from Thijs's comment that the README is alluding to the
> built-in unserialize() function:
> http://ca.php.net/manual/en/function.unserialize.php
> Assuming that is correct, please consider this report a reminder to
> clarify.

Thanks, but given that unserialize is followed by () it should make it clear we're referring to a specific function, and the whole document is clearly in the context of the PHP interpreter. Googling for "php unserialize" instantly yields the relevant documentation for those who want to know more.

I prefer to keep this brief so it actually gets read, and don't think further clarification is necessary.

Thijs