> This always works for me...
>
> eval ("\$message = \"$message\";");

RED ALERT! SECURITY TO THE BRIDGE!

"Captain, there's Klingons off the starboard bow!"

Oh, sorry. Did I type that aloud? Sorry.

If $message is a free-form email typed in by a potentially malicious user
this looks pretty dangerous to me...

Have you tried it with things like:

$message = '";exec("/usr/bin/cat /etc/passwd");';

Do *NOT* try this one, but if the above works, think what *THIS* would do!

$message = '";exec("/usr/bin/rm -rf /");';

--
WARNING [EMAIL PROTECTED] address is an endangered species -- Use
[EMAIL PROTECTED]
Wanna help me out? Like Music? Buy a CD: http://l-i-e.com/artists.htm
Volunteer a little time: http://chatmusic.com/volunteer.htm
--
PHP General Mailing List (http://www.php.net/)
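
An eval-free way to expand variables in message text, as an added example that is not part of the original thread: only names on an explicit allow-list are substituted, and everything else the user typed stays literal text. The function name expand_placeholders, the variable names and the sample values are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Expand $name placeholders in untrusted text without eval().
 * Only keys present in $allowed are substituted; quotes, semicolons and
 * function-call syntax in the input are never interpreted as PHP.
 */
function expand_placeholders(string $template, array $allowed): string
{
    $out = preg_replace_callback(
        '/\$([A-Za-z_][A-Za-z0-9_]*)/',
        static function (array $m) use ($allowed): string {
            // Unknown names are left exactly as typed instead of being
            // resolved against the script's real variables.
            return array_key_exists($m[1], $allowed)
                ? (string) $allowed[$m[1]]
                : $m[0];
        },
        $template
    );

    if ($out === null) {
        // PCRE failure (for example a backtrack limit): fail closed.
        throw new RuntimeException('placeholder expansion failed');
    }
    return $out;
}

// Constructed sample data (hypothetical names and values).
$vars = ['name' => 'Alice', 'order' => 1042];

$samples = [
    // Ordinary template text.
    'Hello $name, your order $order has shipped.',
    // The first test string from the post above: comes back unchanged.
    '";exec("/usr/bin/cat /etc/passwd");',
    // A variable that is not on the allow-list is not expanded.
    'Dear $name, $db_password',
];

foreach ($samples as $s) {
    echo expand_placeholders($s, $vars), PHP_EOL;
}
```

Because the input is only ever treated as data for a regular-expression replace, there is no quoting or escaping step that an attacker can break out of.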