It also fixes the following, which wasn't mentioned in the summary (or elsewhere, as far as I can see):
"Cross-site Scripting in PHP's Transparent Session ID Support" http://shh.thathost.com/secadv/2003-05-11-php.txt
Sverre.
– [email protected] http://shh.thathost.com/