Description of problem: The FDF support (ext/fdf) in PHP 5.2.0 and earlier does not implement the input filtering hooks for ext/filter, which allows remote attackers to bypass web site filters via an application/vnd.fdf formatted POST.
The 'fdf' extension is not included in php packages distributed by Red Hat.
*** Bug 239316 has been marked as a duplicate of this bug. ***