At least they are consistent
At least they are consistent
Posted May 4, 2012 17:59 UTC (Fri) by drag (guest, #31333)In reply to: At least they are consistent by jmayer
Parent article: An important PHP security update
What's more is that they actually had code in place to properly protect against this sort of attack in 2004, but removed it.
A developer realized that the protection against this sort of attack was interfering with some of the regression tests so he deleted it. Nobody replied to his email explaining why the code check was needed.
Really bizarre stuff.