Shared publicly  - 
 
"The current PHP patch (which is in the newly released PHP updates) has the following line:

+ if(*decoded_query_string == '-' && strchr(decoded_query_string, '=') == NULL) {

The second decoded_query_string should just be query_string. The current fix can be bypassed by having a %3d sequence in your query string."

Well, I guess that's understandable, since they've only been aware of this bug and testing this fix for 4 months.

ENGINEER IS CREDIT TO TEAM.
5
1
Glenn Hoeppner's profile photoErik Anderson's profile photoNorv N.'s profile photo
 
+2 for TF2 ref. I have no freakin clue what the PHP code said.
Add a comment...