[Phpmyadmin-devel] phpMyAdmin 2.9.0.1 is released
Sebastian Mendel
lists at sebastianmendel.de
Tue Oct 3 14:32:44 CEST 2006
Michal Čihař schrieb:
> On Tue, 03 Oct 2006 08:16:10 -0400
> Marc Delisle <Marc.Delisle at cegepsherbrooke.qc.ca> wrote:
>
>> I forgot to change $_SESSION['PMA_token'] to $_SESSION[' PMA_token ']
>> in scripts/setup.php.
>
> What was reason to add spaces?
$_SESSION variables can be overwritten with register_globals on
you cannot overwrite variable with spaces
script.php?%20var%20
becomes
$_REQUST['_var']
so you have no possibility to overwrite any variable with spaces in its
name from outside
--
Sebastian
More information about the Developers
mailing list