Another day, another WTF

Can’t find the customer’s home country in the database? That’s ok; just pick any country with a vaguely similar-sounding name, that’s good enough. A bizarre bit of code in the e-commerce software1 I’m currently fixing up does exactly that; it uses the Soundex algorithm to look for an approximate match to where the customer lives, […]
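To see why a Soundex "nearest match" is the wrong tool for a country lookup, here is an added example (mine, not the e-commerce code being fixed up) that feeds a constructed list of real country names through PHP's built-in soundex() and groups the ones that share a code. Soundex keeps the first letter and encodes the next three consonant groups, dropping vowels and H/W/Y, so names that merely start alike collapse onto one code: in this list Australia and Austria both become A236, Niger and Nigeria both become N260, and Guinea, Guyana and Ghana all become G500. The country list is constructed for the example; the function names are mine.

```php
<?php
// Added example: shows Soundex collisions between distinct country names.
// Not the shop's code; the country list below is constructed for illustration.

/** Build a Soundex index: code => list of country names sharing that code. */
function soundex_index(array $countries): array
{
    $index = [];
    foreach ($countries as $name) {
        $index[soundex($name)][] = $name;
    }
    return $index;
}

/** Only the codes shared by more than one distinct country. */
function soundex_collisions(array $countries): array
{
    return array_filter(
        soundex_index($countries),
        fn(array $names) => count($names) > 1
    );
}

/**
 * The "approximate" lookup the post complains about: every country whose
 * Soundex code equals the input's. Whenever this returns more than one name
 * (or a single wrong one) the shop has just guessed where the customer lives.
 */
function soundex_lookup(string $input, array $countries): array
{
    return soundex_index($countries)[soundex($input)] ?? [];
}

// Constructed sample list (real country names, not the shop's table).
$countries = [
    'Australia', 'Austria', 'Georgia', 'Greece', 'Guinea', 'Guyana', 'Ghana',
    'Iran', 'Iraq', 'Mali', 'Malawi', 'Malta', 'Niger', 'Nigeria',
    'Sudan', 'Sweden', 'Tonga', 'Tunisia',
];

// Which countries the algorithm cannot tell apart at all.
foreach (soundex_collisions($countries) as $code => $names) {
    printf("%s: %s\n", $code, implode(' / ', $names));
}

// A customer who mistypes "Australia" as "Austraila" is offered Austria as
// an equally good answer, because all three spellings encode to A236.
print_r(soundex_lookup('Austraila', $countries));

// Iran/Iraq and Mali/Malta happen to differ in one consonant group, so they
// survive; that depends on the accident of spelling, not on any real similarity.
```

The only safe version of this lookup is an exact match against the canonical table (or an ISO 3166 code), with a "country not found" error when it fails; anything fuzzy here silently changes a customer's address.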

import_request_variables(): When will PHP stop being insecure by design?

Re: the Bugtraq post "PHP import_request_variables() arbitrary variable overwrite". This sort of thing really brings it home how the PHP core team still don’t seem to really understand security… or would rather sacrifice it in the name of backwards, very backwards, compatibility. If you’re going to provide a function like import_request_variables() to replace the blatantly-unsafe register_globals, […]
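An added example of the overwrite hazard as the function is documented to behave, written by the editor rather than taken from the Bugtraq post or this blog. It targets PHP 5.3 or earlier (import_request_variables() was removed in 5.4), so it uses the old array syntax; the attacker's request is described in a comment rather than issued, and the page layout, session key and render_page() helper are assumptions made for the example.

```php
<?php
// Added example, not code from the Bugtraq post or from this blog.
// PHP <= 5.3: import_request_variables() copies request parameters into the
// global scope, which is exactly what made register_globals dangerous.

session_start();

// ----- The register_globals-era conversion: vulnerable -----

// Authorisation derived from server-side state, before any request input.
$is_admin = !empty($_SESSION['is_admin']);

// Import every GET and POST parameter into the global scope. With an empty
// prefix each parameter lands in a variable of the same name, so the request
//     GET /admin.php?is_admin=1
// assigns $is_admin = '1' over the value computed above. The function offers
// no way to say "except the variables this script already relies on".
import_request_variables('gp', '');

if ($is_admin) {
    echo "admin panel\n";   // reachable by anyone who appends ?is_admin=1
}

// ----- The same page without importing anything -----
// A prefix ('req_') would avoid the clash above but still dumps every
// parameter into globals. Taking the request arrays as explicit inputs and
// reading only the expected keys means the query string cannot reach the
// authorisation decision at all.

function render_page(array $session, array $get)
{
    $is_admin = !empty($session['is_admin']);        // session only

    $page = isset($get['page']) ? (string) $get['page'] : 'home';
    if (!in_array($page, array('home', 'orders', 'account'), true)) {
        $page = 'home';                               // allow-list the value
    }

    return ($is_admin ? 'admin' : 'customer') . " view of $page\n";
}

echo render_page($_SESSION, $_GET);
```

The second half is a rewrite of the first, not code that runs after it: once the import has executed, $is_admin in the global scope is already attacker-controlled. The point of passing $_SESSION and $_GET in as arguments is that nothing in render_page() can be reached by a parameter name the author did not write down.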