
[Phpgroupware-cvs] CVS: infolog csv_import.php,1.7.2.1,1.7.2.2


From: Ralf Becker <address@hidden>
Subject: [Phpgroupware-cvs] CVS: infolog csv_import.php,1.7.2.1,1.7.2.2
Date: Mon, 13 May 2002 11:16:34 -0400

Update of /cvsroot/phpgroupware/infolog
In directory subversions:/tmp/cvs-serv8450

Modified Files:
      Tag: Version-0_9_14-branch
        csv_import.php 
Log Message:
closed security hole of using evaled code to show globals vars (which contain 
eg. passwords)

Index: csv_import.php
===================================================================
RCS file: /cvsroot/phpgroupware/infolog/csv_import.php,v
retrieving revision 1.7.2.1
retrieving revision 1.7.2.2
diff -C2 -r1.7.2.1 -r1.7.2.2
*** csv_import.php      5 Mar 2002 13:01:17 -0000       1.7.2.1
--- csv_import.php      13 May 2002 15:16:30 -0000      1.7.2.2
***************
*** 323,327 ****
                                                        }
                                                        if ($val[0] == '@') {
!                                                               $val = 'return 
'.substr($val,1).';';
                                                                // echo 
"<p>eval('$val')=";
                                                                $val = 
eval($val);
--- 323,328 ----
                                                        }
                                                        if ($val[0] == '@') {
!                                                               // removing the 
$ to close security hole of showing vars, which contain eg. passwords
!                                                               $val = 'return 
'.substr(str_replace('$','',$val),1).';';
                                                                // echo 
"<p>eval('$val')=";
                                                                $val = 
eval($val);
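
Review bot: the changed line `$val = 'return '.substr(str_replace('$','',$val),1).';';` still feeds the result to `eval($val)` two lines below, so the fix is a blacklist of one character in front of a full PHP evaluator. Removing `$` stops direct variable references, but any expression that needs no `$` (function calls, constants) in a value beginning with `@` is still executed. I would drop the eval on this path and map the `@` prefix to a fixed allow-list of supported operations, rejecting everything else. Two smaller points: `str_replace` strips every `$` in the value, including ones inside quoted string literals, so legitimate data is silently altered; and the commented-out `echo "<p>eval('$val')=";` debug line would print the evaluated expression if it were ever re-enabled, so it is better removed than kept.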



