If there ever was a reason not to use PHP, it's Bugtraq reports like
this one. Woo hoo! Any
file-upload script can be told to act on any file on the system, because
they confuse user-form variables with system control variables. Woo hoo.
Another place where oversimplification leads to security holes.
Back to
Meditations