[Phpgroupware-cvs] CVS: infolog csv_import.php,1.9,1.10


From: Ralf Becker <address@hidden>
Subject: [Phpgroupware-cvs] CVS: infolog csv_import.php,1.9,1.10
Date: Mon, 13 May 2002 11:15:33 -0400

Update of /cvsroot/phpgroupware/infolog
In directory subversions:/tmp/cvs-serv8385

Modified Files:
        csv_import.php 
Log Message:
closed security hole of using evaled code to show globals vars (which contain 
eg. passwords)

Index: csv_import.php
===================================================================
RCS file: /cvsroot/phpgroupware/infolog/csv_import.php,v
retrieving revision 1.9
retrieving revision 1.10
diff -C2 -r1.9 -r1.10
*** csv_import.php      5 Mar 2002 12:59:16 -0000       1.9
--- csv_import.php      13 May 2002 15:15:29 -0000      1.10
***************
*** 323,327 ****
                                                        }
                                                        if ($val[0] == '@') {
!                                                               $val = 'return 
'.substr($val,1).';';
                                                                // echo 
"<p>eval('$val')=";
                                                                $val = 
eval($val);
--- 323,328 ----
                                                        }
                                                        if ($val[0] == '@') {
!                                                               // removing the 
$ to close security hole of showing vars, which contain eg. passwords
!                                                               $val = 'return 
'.substr(str_replace('$','',$val),1).';';
                                                                // echo 
"<p>eval('$val')=";
                                                                $val = 
eval($val);
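Review bot: the rewritten assignment in the `$val[0] == '@'` branch still hands import-supplied text to `eval($val)`, so `str_replace('$','',$val)` only stops variable references and leaves every other PHP expression in the value to be executed. Removing one character is a blacklist; the rest of the string after the `@` is still built into `'return ...;'` and run with the privileges of the import script. Suggest replacing the `eval()` with a fixed set of named substitutions or helper functions that the importer looks up itself, and rejecting any `@` value that does not match one of them. The new comment should also say that the value comes from the imported file, so the next reader knows this input is untrusted, and the commented-out `echo` debug line that prints the evaluated string could be dropped while this block is being touched.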



