Hi everyone,
I have a question regarding vulnerabilities related to PHP superglobals, in particular $_SERVER.
I will have a website on a shared hosting environment, and I am unsure of the risks of using the variables such as $_SERVER['DOCUMENT_ROOT'] for things such as "including" files i.e using the include, or require function.
Are there any know methods to spoof these variables?
I am doing my best to mitigate security risks; however, I do not have technical knowledge in this matter.
any help is appreciated.
thanks