https://wiki.owasp.org/index.php?action=history&feed=atom&title=Phpsec%2FHTTP_Request_Handling_LibraryPhpsec/HTTP Request Handling Library - Revision history2026-04-13T01:50:11ZRevision history for this page on the wikiMediaWiki 1.27.2https://wiki.owasp.org/index.php?title=Phpsec/HTTP_Request_Handling_Library&diff=156204&oldid=prevAbhishek Das: Created page with "<h4>Introduction</h4> HTTP Request is user input. Many developers forget this fact and tend to rely on it as a trustworthy source and configure many aspects of their applicat..."2013-07-29T16:57:34Z<p>Created page with "<h4>Introduction</h4> HTTP Request is user input. Many developers forget this fact and tend to rely on it as a trustworthy source and configure many aspects of their applicat..."</p>
<p><b>New page</b></p><div><h4>Introduction</h4><br />
<br />
HTTP Request is user input. Many developers forget this fact and tend to rely on it as a trustworthy source and configure many aspects of their applications based on values of <code>$_SERVER</code> (most of which are set using HTTP request). While not all values under <code>$_SERVER</code> are unreliable, some of the values such as 'QUERY_STRING', 'HTTP_REFERRER' etc are entirely arbitrary information sent by the client. This library provides wrappers which securely process these data and hand them to user, and replaces the <code>$_SERVER</code> values that are insecure with objects that throw exceptions when cast to string (e.g. in HTTP_HOST), so that developers can no longer directly access them.</div>Abhishek Das