| commit | 53b0d4cee76e53006bd223ab588448f864e80079 | |
| author | Bin Liu <binliu@fb.com> | |
| Fri, 30 Mar 2018 21:38:46 +0000 (30 14:38 -0700) | ||
| committer | Hhvm Bot <hhvm-bot@users.noreply.github.com> | |
| Fri, 30 Mar 2018 21:49:39 +0000 (30 14:49 -0700) | ||
| tree | 3fed71f761f6a3326c19ca6efda31c1a8eaca270 | treesnapshot (tar.gz zip) |
| parent | e09162e291f8cc905cbdbd71c21452116f329406 | commitdiff |
kill register_globals for file uploads in hhvm
Summary:
PHP 5.4 has killed it already. http://php.net/manual/en/security.globals.php
Code should look at _GET, _POST, _FILES, etc. directly to avoid security concerns.
CVE-2018-6334
Reviewed By: fredemmott
Differential Revision: D7404027
fbshipit-source-id: 974585bc389c3fd8a0f05b95329e2d9217d1919b
Summary:
PHP 5.4 has killed it already. http://php.net/manual/en/security.globals.php
Code should look at _GET, _POST, _FILES, etc. directly to avoid security concerns.
CVE-2018-6334
Reviewed By: fredemmott
Differential Revision: D7404027
fbshipit-source-id: 974585bc389c3fd8a0f05b95329e2d9217d1919b
| hphp/runtime/server/upload.cpp | diffblobblamehistory |