"Meir Kriheli" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> Hi,
> I need another pair of eyes to see if I've overlooked something.

SNIP

> so
> '{pass1}=={pass2}'
>
> is converted to
> '$GLOBALS['pass1']==$GLOBALS['pass2']'
>
> When the form is validated I'm running eval() to evaluate the expression. I'm
> concerned that there's an exploit somewhere, maybe a user entering some
> malicious data (I don't like using eval that often). But I'm not using eval()
> directly on user-entered data, and I can't see where it is possible.

Where did pass1, pass2, etc. come from? I guess from the user, and you set
register_globals=on in your php.ini. If this is the case, your script
is probably exploitable.
Set "register_globals=off" in your php.ini and use $HTTP_*_VARS.

If you want to protect values set by PHP also, I've posted a sample
function at zend.com recently.
http://www.zend.com/codex.php?id=626&single=1
(Protect values (GET/POST/COOKIE) set by PHP)

Regards,
--
Yasuo Ohgaki
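Added example, not code from Meir's or Yasuo's messages: one way to evaluate a rule in the '{pass1}=={pass2}' notation quoted above without eval() and without register_globals. It assumes the submitted values arrive in an explicit array such as $_POST (the successor of the $HTTP_*_VARS arrays mentioned in the reply); the accepted rule grammar is my own restriction, chosen so that no submitted data is ever interpreted as PHP.

```php
<?php
// Added example, not code from the thread. Evaluates a form rule such as
// '{pass1}=={pass2}' by looking field names up only in an explicit array of
// submitted values. The rule text must match a fixed grammar, and the values
// are only ever compared, never parsed, so eval() and register_globals are
// not needed.

function evaluate_form_rule(string $rule, array $submitted): bool
{
    // Accepted grammar: {name} OP {name}  or  {name} OP 'literal', OP is == or !=
    $name = '[A-Za-z_][A-Za-z0-9_]*';
    $pattern = "/^\\{($name)\\}\\s*(==|!=)\\s*(?:\\{($name)\\}|'([^']*)')$/";
    if (preg_match($pattern, $rule, $m) !== 1) {
        throw new InvalidArgumentException("Rule does not match the grammar: $rule");
    }

    // Resolve both operands. A referenced field that is missing, or that is
    // not a plain string (e.g. pass1[] submitted as an array), fails the rule.
    $lhs = $submitted[$m[1]] ?? null;
    if (isset($m[3]) && $m[3] !== '') {
        $rhs = $submitted[$m[3]] ?? null;   // right-hand side is another field
    } else {
        $rhs = $m[4];                        // right-hand side is a quoted literal
    }
    if (!is_string($lhs) || !is_string($rhs)) {
        return false;
    }

    // Strict comparison: PHP's loose == treats numeric strings such as
    // "1e3" and "1000" as equal, which a password confirmation must not do.
    $equal = ($lhs === $rhs);
    return $m[2] === '==' ? $equal : !$equal;
}

// Constructed sample input standing in for $_POST.
$submitted = [
    'pass1' => 'correct horse',
    'pass2' => 'correct horse',
    'email' => 'user@example.com',
];
var_dump(evaluate_form_rule('{pass1}=={pass2}', $submitted));
var_dump(evaluate_form_rule("{email}!=''", $submitted));
var_dump(evaluate_form_rule('{pass1}=={nonexistent}', $submitted));
```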

-- 
PHP General Mailing List (http://www.php.net/)