hi guys, has anyone considered something like richard's suggestion in msg 48? if the sev is not going to be downgraded to important, that's probably the best way forward wrt lenny...
it shouldn't be too hard to make a new global variable or function in some centrally included location, and have that variable/function "safely" mimic the REQUEST variable's behaviour.

regarding richard's comments about cases where cookie values might be used via the REQUEST variable, i'd be highly skeptical that this was going on, but then again we're dealing with a php webapp, so... i think to rule that out you just need to cross-reference with a recursive grep -i for cookie and make sure there are no overlapping variables in usage of REQUEST.

sean
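The cross-reference described in the message above, as an added example that is not part of the original message or the application's code: it collects literal keys read through `$_REQUEST` and literal cookie names (`$_COOKIE`, `$HTTP_COOKIE_VARS`, `setcookie`), then reports keys that appear in both. The file names and PHP snippets are constructed sample input, and the function names are hypothetical.

```python
import re

# Literal-key reads such as $_REQUEST['k'], $_COOKIE["k"], $HTTP_COOKIE_VARS['k'].
# Case-insensitive on the variable name, like the "grep -i" in the message.
SUPERGLOBAL = re.compile(
    r"""\$(_REQUEST|_COOKIE|HTTP_COOKIE_VARS)\s*\[\s*(['"])([^'"]+)\2\s*\]""", re.I)
# Cookie name passed as a literal to setcookie('k', ...) / setrawcookie("k", ...).
SETCOOKIE = re.compile(r"""\bset(?:raw)?cookie\s*\(\s*(['"])([^'"]+)\1""", re.I)


def collect_keys(sources):
    """Return (request_keys, cookie_keys): dicts mapping key -> [(file, line_no)]."""
    request_keys, cookie_keys = {}, {}
    for name, text in sources.items():
        for no, line in enumerate(text.splitlines(), 1):
            for m in SUPERGLOBAL.finditer(line):
                is_request = m.group(1).upper() == "_REQUEST"
                target = request_keys if is_request else cookie_keys
                target.setdefault(m.group(3), []).append((name, no))
            for m in SETCOOKIE.finditer(line):
                cookie_keys.setdefault(m.group(2), []).append((name, no))
    return request_keys, cookie_keys


def overlapping_keys(sources):
    """Keys read via $_REQUEST that are also used as cookie names.

    PHP array keys are case-sensitive, so 'Theme' and 'theme' do not overlap.
    """
    request_keys, cookie_keys = collect_keys(sources)
    return {k: {"request": request_keys[k], "cookie": cookie_keys[k]}
            for k in sorted(request_keys.keys() & cookie_keys.keys())}


# Constructed sample sources (not taken from the application under discussion).
SAMPLE = {
    "login.php": "<?php\nsetcookie('lang', $l);\n$user = $_REQUEST['user'];\n",
    "view.php": "<?php\n$lang = $_REQUEST[\"lang\"];\n$id = $_REQUEST['id'];\n",
    "prefs.php": "<?php\n$theme = $_COOKIE['theme'];\n$t = $_REQUEST['Theme'];\n",
}

if __name__ == "__main__":
    for key, hits in overlapping_keys(SAMPLE).items():
        print(key, hits)
```

Only literal string keys are matched; accesses with a computed key (for example `$_REQUEST[$name]`) or loops over the whole array still need manual review.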