From 9611119c11dfe4a71baf65b96aaddc93385e8fe6 Mon Sep 17 00:00:00 2001
From: Damien Seguy <dams@php.net>
Date: Mon, 15 Jan 2001 08:36:44 +0000
Subject: [PATCH] show_source() -> <function>show_source</function>

git-svn-id: https://svn.php.net/repository/phpdoc/en/trunk@39530 c90b9560-bf6c-de11-be94-00142212c4b1
---
 chapters/security.xml | 19 ++++++++++---------
 security/index.xml    | 19 ++++++++++---------
 2 files changed, 20 insertions(+), 18 deletions(-)

diff --git a/chapters/security.xml b/chapters/security.xml
index 4e5a2ebf62..50a5b90316 100644
--- a/chapters/security.xml
+++ b/chapters/security.xml
@@ -342,7 +342,7 @@ $homedir = "/home/$username";
 $file_to_delete = "$userfile";
 unlink ($homedir/$userfile);
 echo "$file_to_delete has been deleted!";
-?>
+?&gt;
      </programlisting>
     </example>
    Since the username is postable from a user form, they can submit
@@ -361,7 +361,7 @@ $homedir = "/home/../etc/";
 $file_to_delete = "passwd";
 unlink ("/home/../etc/passwd");
 echo "/home/../etc/passwd has been deleted!";
-?>
+?&gt;
      </programlisting>
     </example>   
     There are two important measures you should take to prevent these
@@ -398,7 +398,7 @@ fputs ($fp, $logstring);
 fclose($fp);
 
 echo "$file_to_delete has been deleted!";
-?>
+?&gt;
      </programlisting>
     </example>
     Alternately, you may prefer to write a more customized check:
@@ -413,7 +413,7 @@ if (!ereg('^[^./][^/]*$', $userfile))
     die('bad filename'); //die, do not process
     
 //etc...
-?>
+?&gt;
      </programlisting>
     </example> 
     Depending on your operating system, there are a wide variety of files
@@ -439,10 +439,11 @@ if (!ereg('^[^./][^/]*$', $userfile))
     as the function or file that failed, the PHP file it failed in,
     and the line number which the failure occured in. This is all
     information that can be exploited.  It is not uncommon for a php
-    developer to use show_source(), highlight_string(), or
-    highlight_file() as a debugging measure, but in a live site, this
-    can expose hidden variables, unchecked syntax, and other dangerous
-    information.
+    developer to use <function>show_source</function>, 
+    <function>highlight_string</function>, or 
+    <function>highlight_file</function> as a debugging measure, but in 
+    a live site, this can expose hidden variables, unchecked syntax, 
+    and other dangerous information.
    </simpara>
    <simpara>
     For example, the very style of a generic error indicates a system
@@ -502,7 +503,7 @@ fputs ($fp, $evil_var);
 system ($evil_var);
 exec ($evil_var);
 
-?>
+?&gt;
      </programlisting>
     </example>
     You should always carefully examine your code to make sure that any
diff --git a/security/index.xml b/security/index.xml
index 4e5a2ebf62..50a5b90316 100644
--- a/security/index.xml
+++ b/security/index.xml
@@ -342,7 +342,7 @@ $homedir = "/home/$username";
 $file_to_delete = "$userfile";
 unlink ($homedir/$userfile);
 echo "$file_to_delete has been deleted!";
-?>
+?&gt;
      </programlisting>
     </example>
    Since the username is postable from a user form, they can submit
@@ -361,7 +361,7 @@ $homedir = "/home/../etc/";
 $file_to_delete = "passwd";
 unlink ("/home/../etc/passwd");
 echo "/home/../etc/passwd has been deleted!";
-?>
+?&gt;
      </programlisting>
     </example>   
     There are two important measures you should take to prevent these
@@ -398,7 +398,7 @@ fputs ($fp, $logstring);
 fclose($fp);
 
 echo "$file_to_delete has been deleted!";
-?>
+?&gt;
      </programlisting>
     </example>
     Alternately, you may prefer to write a more customized check:
@@ -413,7 +413,7 @@ if (!ereg('^[^./][^/]*$', $userfile))
     die('bad filename'); //die, do not process
     
 //etc...
-?>
+?&gt;
      </programlisting>
     </example> 
     Depending on your operating system, there are a wide variety of files
@@ -439,10 +439,11 @@ if (!ereg('^[^./][^/]*$', $userfile))
     as the function or file that failed, the PHP file it failed in,
     and the line number which the failure occured in. This is all
     information that can be exploited.  It is not uncommon for a php
-    developer to use show_source(), highlight_string(), or
-    highlight_file() as a debugging measure, but in a live site, this
-    can expose hidden variables, unchecked syntax, and other dangerous
-    information.
+    developer to use <function>show_source</function>, 
+    <function>highlight_string</function>, or 
+    <function>highlight_file</function> as a debugging measure, but in 
+    a live site, this can expose hidden variables, unchecked syntax, 
+    and other dangerous information.
    </simpara>
    <simpara>
     For example, the very style of a generic error indicates a system
@@ -502,7 +503,7 @@ fputs ($fp, $evil_var);
 system ($evil_var);
 exec ($evil_var);
 
-?>
+?&gt;
      </programlisting>
     </example>
     You should always carefully examine your code to make sure that any