While adding general comments is very useful, some programmers
tend to leave important data, such as: filenames related to the web application,
old links or links which were not meant to be browsed by users, old code
The PHP application uses an old method for processing uploaded
files by referencing the four global variables that are set for each file (e.g.
$varname, $varname_size, $varname_name, $varname_type). These variables could be
overwritten by attackers, causing the application to process unauthorized