Thank you Richard. I will test that (piping the output). Regarding my
concerns about "rubbing security" by not validating the included
code, I actually meant that the script does not validate where the
included PHP script is coming from. Could someone set the
environmental variable $_SERVER
Did you try to use "-" as the file and pipe the output?...
That might work...
As far as the Tidy not validating the included PHP, I'm not sure what
you mean, but I don't see this making the PHP code any less secure
than it was before you wrapped Tidy around it...
On Fri, August 4, 2006 6:21 am,
2 matches
Mail list logo
