Re: Help with Security [message #182976 is a reply to message #173217] Mon, 30 September 2013 16:18
Christoph Michael Bec
Richard Yates wrote:

> On Sun, 29 Sep 2013 21:47:47 -0700 (PDT), chirag sharma
> <chiragsharma(dot)guru99(at)gmail(dot)com> wrote:
>
>> Hi
>> I have created an online PHP code executor at http://web.guru99.com Although I have checked all security loopholes … do you experts see any major security leak that I need to take care of?
>
> <?php $d='7'; echo $d?>
>
> yields: 'syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting
> T_STRING'

<?php $d="7"; echo $d;?> works, though.

> <?php echo $d; ?>
>
> yields: 'Notice: Undefined variable: d in
> /home/code1/public_html/PHP/exec.php(69) : eval()'d code on line 1'
>
> Do you really want such errors with the defined path displayed?

Indeed, that should be avoided, particularly as one can do, for instance:

<?php
$files = new DirectoryIterator(".");
foreach ($files as $file) {
    echo $file;
}
?>

--
Christoph M. Becker
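
Both findings in this post, the script path shown in the eval() notice and the directory listing through DirectoryIterator, come down to PHP runtime settings. The following php.ini fragment is an added example, not part of the original post and not the site's own configuration; it assumes the submitted snippets run in a dedicated PHP process, and every path in it is a placeholder.

```ini
; Added example: php.ini for a dedicated PHP process that runs submitted snippets.
; Assumed layout: the runner script is the only file under /srv/sandbox/.
; All paths are placeholders, not taken from the site in the thread.

; --- Weak: matches the behaviour seen in the thread ---
; display_errors = On
;   notices are sent to the browser, including the runner's full path
; open_basedir =
;   unset, so DirectoryIterator(".") lists any directory the PHP user can read

; --- Restrictive ---
; Send nothing error-related to the client.
display_errors = Off
display_startup_errors = Off
html_errors = Off

; Keep the full detail for the operator, outside the web root.
log_errors = On
error_log = /var/log/php/executor.log

; Do not advertise the PHP version in response headers.
expose_php = Off

; Confine every filesystem call, DirectoryIterator included, to one tree.
; The trailing slash makes this a directory match, so /srv/sandbox-old is excluded.
open_basedir = /srv/sandbox/

; display_errors can be changed at runtime, so submitted code must not be able
; to switch it back on. The process-spawning functions are blocked as well.
disable_functions = ini_set,ini_alter,ini_restore,exec,passthru,shell_exec,system,proc_open,popen
```

Code that executes can still read `__FILE__` and `getcwd()`, so these settings limit what is disclosed to visitors and what the snippet can reach rather than hide the path from the snippet itself.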