Essential PHP Security by Chris Shiflett

The following errata were *corrected* in the 2/06 reprint:

Here's a key to the markup:

[page-number]: serious technical mistake
{page-number}: minor technical mistake
: important language/formatting problem
(page-number): language change or minor formatting problem

The copyright page NOW READS: Editors: Tatiana Apandi and Allison Randal

(x) first paragraph; attracks NOW READS: attacks

(xi) http://elists.oreilly.com NOW READS: http://elists.oreilly.com/

{6} search = $_GET['search']; NOW READS: $search = $_GET['search'];

{10} first code block; while (strpos($_POST['filename'], '..') !== FALSE) NOW READS: while (strpos($filename, '..') !== FALSE)

{12} printf; The entry for printf HAS BEEN REMOVED from the bulleted list, because a search for print includes these cases.

(26) http://www.google.com NOW READS: http://www.google.com/

(30) Red from the list and clicks Select; The words "Red" and "Select" NOW APPEAR in a fixed-width font.

(36) in the note; discoveries have revealed both weaknesses NOW READS: discoveries have revealed weaknesses

(39) in the note; INTO user(last_name) NOW READS: INTO users(last_name)

{55} basename($_GET['filename'] == NOW READS: basename($_GET['filename']) ==

{55} /* $filename is within /path/to */. NOW READS: /* $filename is within /path/to. */

(56) and the filename is treated as NOW READS: and the original filename is treated as

{83} ENT_QUOTES, 'UTF-8')); NOW READS: ENT_QUOTES, 'UTF-8');