mailing list archives
Re: [PHP-DEV] RE: (SRADV00001) Arbitrary file disclosure through PHP file upload
From: Zeev Suraski <zeev () zend com>
Date: Tue, 5 Sep 2000 01:35:03 +0300
The initial fix published earlier did NOT fix the vulnerability that was
discovered, and could also cause crashes under certain circumstances. It
could also cause some applications to fail, due to a side effect that
prevents certain valid form variables from being processed correctly.
The correct, tested fixed file (without any side effects) is available at
The diff against version 4.0.2 is available at:
It is also attached to this message.
Thanks to James Moore for helping me test this fix.
Zeev Suraski <zeev () zend com>
Re: (SRADV00001) Arbitrary file disclosure through PHP file upload Mads Bach (Sep 05)
Re: (SRADV00001) Arbitrary file disclosure through PHP file upload Brian Smith (Sep 05)