[OWASP_PHPSEC] Doubt in _core/loader.php

rahul chaudhary rahul300chaudhary400 at gmail.com
Fri Aug 16 15:52:19 UTC 2013


I do not understand the use of "___r". With this internal request what are
we accomplishing ?
Also if "___r" contains all of the internal request and we are "unsetting"
it, then aren't we deleting all the internal request which we need later ?


On Fri, Aug 16, 2013 at 12:36 PM, Abbas Naderi <abiusx at owasp.org> wrote:

> it is set by apache because of the .htaccess file
>
> ______________________________________________________________
> *Notice:** *This message is *digitally signed*, its *source* and *
> integrity* are verifiable.
> If you mail client does not support S/MIME verification, it will display a
> file (smime.p7s), which includes the X.509 certificate and the signature
> body.  Read more at Certified E-Mail with Comodo and Thunderbird<http://abiusx.com/certified-e-mail-with-comodo-and-thunderbird/> in
> AbiusX.com
>
> On Mordad 24, 1392, at 7:23 PM, rahul chaudhary <
> rahul300chaudhary400 at gmail.com> wrote:
>
> _core/loader.php
>
> 1) Line 39: How can we get internal requests from $_GET['___r']
> 2) Line 40: Why are we unsetting _GET and _REQUEST ?
>
> --
> Regards,
> Rahul Chaudhary
> Ph - 412-519-9634
>  _______________________________________________
> OWASP_PHP_Security_Project mailing list
> OWASP_PHP_Security_Project at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp_php_security_project
>
>
>


-- 
Regards,
Rahul Chaudhary
Ph - 412-519-9634
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp_php_security_project/attachments/20130816/3671922b/attachment.html>


More information about the OWASP_PHP_Security_Project mailing list