[Phpgroupware-cvs] CVS: addressbook csv_import.php,1.9,1.10


From: Ralf Becker <address@hidden>
Subject: [Phpgroupware-cvs] CVS: addressbook csv_import.php,1.9,1.10
Date: Mon, 13 May 2002 10:46:49 -0400

Update of /cvsroot/phpgroupware/addressbook
In directory subversions:/tmp/cvs-serv7056

Modified Files:
        csv_import.php 
Log Message:
closed security hole of using evaled code to show globals vars (which contain 
eg. passwords)

Index: csv_import.php
===================================================================
RCS file: /cvsroot/phpgroupware/addressbook/csv_import.php,v
retrieving revision 1.9
retrieving revision 1.10
diff -C2 -r1.9 -r1.10
*** csv_import.php      1 May 2002 12:46:20 -0000       1.9
--- csv_import.php      13 May 2002 14:46:47 -0000      1.10
***************
*** 330,334 ****
                                                                if($val[0] == 
'@')
                                                                {
!                                                                       $val = 
'return '.substr($val,1).';';
                                                                        // echo 
"<p>eval('$val')=";
                                                                        $val = 
eval($val);
--- 330,335 ----
                                                                if($val[0] == 
'@')
                                                                {
!                                                                       // 
removing the $ to close security hole of showing vars, which contain eg. 
passwords
!                                                                       $val = 
'return '.substr(str_replace('$','',$val),1).';';
                                                                        // echo 
"<p>eval('$val')=";
                                                                        $val = 
eval($val);
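
Review bot: On the changed line in 330-335, str_replace('$','',$val) only removes variable references; the resulting string is still wrapped in 'return ...;' and handed to eval($val), so any function call, constant or other expression that needs no $ is still executed with the application's privileges. Removing one character is a denylist, and it leaves the underlying problem in place (evaluating a field value as PHP). I would suggest dropping eval() here altogether: treat the text after the '@' as a key into a fixed array of permitted helpers or conversions, and reject anything that is not in that array. If eval() has to stay for compatibility, validate the expression against a strict allowlist pattern before evaluating it, and document in the comment which expressions are intended to be supported, since the current comment only describes what is being stripped. The commented-out echo of the eval string just below should also go, because re-enabling it would print the evaluated expression to the page.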



