This article just came out yesterday: [infoworld.com...]

[foregroundsecurity.com...]

Scary stuff, and if the content-type header can be spoofed, I'm not sure of an easy to way to check for this in PHP. Are there any apache patches for this? Anybody know more about this?