mirror of
https://github.com/sigmasternchen/php-doc-en
synced 2025-03-16 00:48:54 +00:00
show_source() -> <function>show_source</function>
git-svn-id: https://svn.php.net/repository/phpdoc/en/trunk@39530 c90b9560-bf6c-de11-be94-00142212c4b1
This commit is contained in:
Damien Seguy
parent
dc4efd6634
commit
9611119c11
2 changed files with 20 additions and 18 deletions
|
|
@ -342,7 +342,7 @@ $homedir = "/home/$username";
|
|||
$file_to_delete = "$userfile";
|
||||
unlink ($homedir/$userfile);
|
||||
echo "$file_to_delete has been deleted!";
|
||||
?>
|
||||
?>
|
||||
</programlisting>
|
||||
</example>
|
||||
Since the username is postable from a user form, they can submit
|
||||
|
|
@ -361,7 +361,7 @@ $homedir = "/home/../etc/";
|
|||
$file_to_delete = "passwd";
|
||||
unlink ("/home/../etc/passwd");
|
||||
echo "/home/../etc/passwd has been deleted!";
|
||||
?>
|
||||
?>
|
||||
</programlisting>
|
||||
</example>
|
||||
There are two important measures you should take to prevent these
|
||||
|
|
@ -398,7 +398,7 @@ fputs ($fp, $logstring);
|
|||
fclose($fp);
|
||||
|
||||
echo "$file_to_delete has been deleted!";
|
||||
?>
|
||||
?>
|
||||
</programlisting>
|
||||
</example>
|
||||
Alternately, you may prefer to write a more customized check:
|
||||
|
|
@ -413,7 +413,7 @@ if (!ereg('^[^./][^/]*$', $userfile))
|
|||
die('bad filename'); //die, do not process
|
||||
|
||||
//etc...
|
||||
?>
|
||||
?>
|
||||
</programlisting>
|
||||
</example>
|
||||
Depending on your operating system, there are a wide variety of files
|
||||
|
|
@ -439,10 +439,11 @@ if (!ereg('^[^./][^/]*$', $userfile))
|
|||
as the function or file that failed, the PHP file it failed in,
|
||||
and the line number which the failure occured in. This is all
|
||||
information that can be exploited. It is not uncommon for a php
|
||||
developer to use show_source(), highlight_string(), or
|
||||
highlight_file() as a debugging measure, but in a live site, this
|
||||
can expose hidden variables, unchecked syntax, and other dangerous
|
||||
information.
|
||||
developer to use <function>show_source</function>,
|
||||
<function>highlight_string</function>, or
|
||||
<function>highlight_file</function> as a debugging measure, but in
|
||||
a live site, this can expose hidden variables, unchecked syntax,
|
||||
and other dangerous information.
|
||||
</simpara>
|
||||
<simpara>
|
||||
For example, the very style of a generic error indicates a system
|
||||
|
|
@ -502,7 +503,7 @@ fputs ($fp, $evil_var);
|
|||
system ($evil_var);
|
||||
exec ($evil_var);
|
||||
|
||||
?>
|
||||
?>
|
||||
</programlisting>
|
||||
</example>
|
||||
You should always carefully examine your code to make sure that any
|
||||
|
|
|
|||
|
|
@ -342,7 +342,7 @@ $homedir = "/home/$username";
|
|||
$file_to_delete = "$userfile";
|
||||
unlink ($homedir/$userfile);
|
||||
echo "$file_to_delete has been deleted!";
|
||||
?>
|
||||
?>
|
||||
</programlisting>
|
||||
</example>
|
||||
Since the username is postable from a user form, they can submit
|
||||
|
|
@ -361,7 +361,7 @@ $homedir = "/home/../etc/";
|
|||
$file_to_delete = "passwd";
|
||||
unlink ("/home/../etc/passwd");
|
||||
echo "/home/../etc/passwd has been deleted!";
|
||||
?>
|
||||
?>
|
||||
</programlisting>
|
||||
</example>
|
||||
There are two important measures you should take to prevent these
|
||||
|
|
@ -398,7 +398,7 @@ fputs ($fp, $logstring);
|
|||
fclose($fp);
|
||||
|
||||
echo "$file_to_delete has been deleted!";
|
||||
?>
|
||||
?>
|
||||
</programlisting>
|
||||
</example>
|
||||
Alternately, you may prefer to write a more customized check:
|
||||
|
|
@ -413,7 +413,7 @@ if (!ereg('^[^./][^/]*$', $userfile))
|
|||
die('bad filename'); //die, do not process
|
||||
|
||||
//etc...
|
||||
?>
|
||||
?>
|
||||
</programlisting>
|
||||
</example>
|
||||
Depending on your operating system, there are a wide variety of files
|
||||
|
|
@ -439,10 +439,11 @@ if (!ereg('^[^./][^/]*$', $userfile))
|
|||
as the function or file that failed, the PHP file it failed in,
|
||||
and the line number which the failure occured in. This is all
|
||||
information that can be exploited. It is not uncommon for a php
|
||||
developer to use show_source(), highlight_string(), or
|
||||
highlight_file() as a debugging measure, but in a live site, this
|
||||
can expose hidden variables, unchecked syntax, and other dangerous
|
||||
information.
|
||||
developer to use <function>show_source</function>,
|
||||
<function>highlight_string</function>, or
|
||||
<function>highlight_file</function> as a debugging measure, but in
|
||||
a live site, this can expose hidden variables, unchecked syntax,
|
||||
and other dangerous information.
|
||||
</simpara>
|
||||
<simpara>
|
||||
For example, the very style of a generic error indicates a system
|
||||
|
|
@ -502,7 +503,7 @@ fputs ($fp, $evil_var);
|
|||
system ($evil_var);
|
||||
exec ($evil_var);
|
||||
|
||||
?>
|
||||
?>
|
||||
</programlisting>
|
||||
</example>
|
||||
You should always carefully examine your code to make sure that any
|
||||
|
|
|
|||
Loading…
Reference in a new issue