Comments on: The dangers of PHP_SELF http://www.phpbbdoctor.com/blog/2007/01/29/the-dangers-of-php_self/ Your premium source for custom modification services for phpBB Wed, 11 Jan 2012 20:39:04 -0600 http://wordpress.org/?v=2.8.4 hourly 1 By: dave.rathbun http://www.phpbbdoctor.com/blog/2007/01/29/the-dangers-of-php_self/comment-page-1/#comment-1425 dave.rathbun Mon, 05 Feb 2007 04:16:24 +0000 http://www.phpbbdoctor.com/blog/?p=59#comment-1425 I will defer that opportunity to you. :-) I'm not familiar with the product at all... if you are, it would probably have more weight coming from someone that knows what they're talking about, and I clearly would not. I will defer that opportunity to you. :-) I’m not familiar with the product at all… if you are, it would probably have more weight coming from someone that knows what they’re talking about, and I clearly would not.

]]> By: damnian http://www.phpbbdoctor.com/blog/2007/01/29/the-dangers-of-php_self/comment-page-1/#comment-1421 damnian Sun, 04 Feb 2007 20:51:42 +0000 http://www.phpbbdoctor.com/blog/?p=59#comment-1421 Excellent point. I just spotted use of PHP_SELF in <a href="http://www.whobar.org/" rel="nofollow">Whobar</a>. I think you should report it and get the credit. Excellent point. I just spotted use of PHP_SELF in Whobar. I think you should report it and get the credit.

]]> By: dave.rathbun http://www.phpbbdoctor.com/blog/2007/01/29/the-dangers-of-php_self/comment-page-1/#comment-1337 dave.rathbun Tue, 30 Jan 2007 14:20:06 +0000 http://www.phpbbdoctor.com/blog/?p=59#comment-1337 olpa, I had never thought of such a thing either. :-) I am really quite grateful to the job done by the phpBB MOD Validation team. Every time they reject one of my MODs I learn something new, and generally important. 8) If it wasn't obvious, this was the security issue that caused me to write <a href="http://www.phpbbdoctor.com/blog/?p=60">this post</a> a few days ago. Before revealing the specifics I wanted to give folks that were using the RC versions a chance to upgrade. I contacted some folks that I knew were using it, and had no way to know who I was missing. Still don't. olpa, I had never thought of such a thing either. :-) I am really quite grateful to the job done by the phpBB MOD Validation team. Every time they reject one of my MODs I learn something new, and generally important. 8)

If it wasn’t obvious, this was the security issue that caused me to write this post a few days ago. Before revealing the specifics I wanted to give folks that were using the RC versions a chance to upgrade. I contacted some folks that I knew were using it, and had no way to know who I was missing.

Still don’t.

]]> By: olpa http://www.phpbbdoctor.com/blog/2007/01/29/the-dangers-of-php_self/comment-page-1/#comment-1326 olpa Tue, 30 Jan 2007 03:54:24 +0000 http://www.phpbbdoctor.com/blog/?p=59#comment-1326 Awesome! I've never thought about such sort of abuse of PHP_SELF. Thanks for sharing. // Just re-checked my code. Fine, only __FILE__ and $_SERVER['REQUEST_URI']. Awesome! I’ve never thought about such sort of abuse of PHP_SELF. Thanks for sharing.

// Just re-checked my code. Fine, only __FILE__ and $_SERVER['REQUEST_URI'].

]]> By: eviL<3 http://www.phpbbdoctor.com/blog/2007/01/29/the-dangers-of-php_self/comment-page-1/#comment-1322 eviL<3 Mon, 29 Jan 2007 22:53:49 +0000 http://www.phpbbdoctor.com/blog/?p=59#comment-1322 Very good post, i shall link to this ;) Very good post, i shall link to this ;)

]]>