Hi! > Thanks for responding to this issue. > > Will calling getMetaData still parse and > execute malicious code?
If it's contained in phar and serialized data and the surrounding code (I understand that most techniques mentioned in the article rely on certain vulnerable code being present) then yes. -- Stas Malyshev smalys...@gmail.com -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
