From 3a8a2c895a21293a6b9c143d130814abe4ca6df3 Mon Sep 17 00:00:00 2001 From: "Daniel P. Brown" Date: Fri, 11 Feb 2011 14:47:05 +0000 Subject: [PATCH] Changes password -> username in the text, as pointed out by (Raja dot Kapur at gmail dot com). git-svn-id: https://svn.php.net/repository/phpdoc/en/trunk@308258 c90b9560-bf6c-de11-be94-00142212c4b1 --- reference/mongo/security.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/reference/mongo/security.xml b/reference/mongo/security.xml index 8a85a769db..40877faba0 100644 --- a/reference/mongo/security.xml +++ b/reference/mongo/security.xml @@ -21,7 +21,7 @@ Someone could subvert this by getting - http://www.example.com?password[$ne]=foo, which PHP + http://www.example.com?username[$ne]=foo, which PHP will magically turn into an associative array, turning your query into $collection->find(array("username" => array('$ne' => "foo"))), which will return all users not named "foo" (all of your users, probably).