[OWASP_PHPSEC] Doubt in _core/loader.php
rahul300chaudhary400 at gmail.com
Fri Aug 16 15:52:19 UTC 2013
I do not understand the use of "___r". With this internal request what are
we accomplishing ?
Also if "___r" contains all of the internal request and we are "unsetting"
it, then aren't we deleting all the internal request which we need later ?
On Fri, Aug 16, 2013 at 12:36 PM, Abbas Naderi <abiusx at owasp.org> wrote:
> it is set by apache because of the .htaccess file
> *Notice:** *This message is *digitally signed*, its *source* and *
> integrity* are verifiable.
> If you mail client does not support S/MIME verification, it will display a
> file (smime.p7s), which includes the X.509 certificate and the signature
> body. Read more at Certified E-Mail with Comodo and Thunderbird<http://abiusx.com/certified-e-mail-with-comodo-and-thunderbird/> in
> On Mordad 24, 1392, at 7:23 PM, rahul chaudhary <
> rahul300chaudhary400 at gmail.com> wrote:
> 1) Line 39: How can we get internal requests from $_GET['___r']
> 2) Line 40: Why are we unsetting _GET and _REQUEST ?
> Rahul Chaudhary
> Ph - 412-519-9634
> OWASP_PHP_Security_Project mailing list
> OWASP_PHP_Security_Project at lists.owasp.org
Ph - 412-519-9634
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OWASP_PHP_Security_Project