mirror of
https://github.com/sigmasternchen/php-doc-en
synced 2025-03-16 00:48:54 +00:00
Dangerous characters in class name (bug #42744)
git-svn-id: https://svn.php.net/repository/phpdoc/en/trunk@246618 c90b9560-bf6c-de11-be94-00142212c4b1
This commit is contained in:
parent
d4d4b3020b
commit
9ee41d2414
1 changed files with 9 additions and 1 deletions
|
@ -1,5 +1,5 @@
|
|||
<?xml version="1.0" encoding="iso-8859-1"?>
|
||||
<!-- $Revision: 1.8 $ -->
|
||||
<!-- $Revision: 1.9 $ -->
|
||||
<sect1 xml:id="language.oop5.autoload" xmlns="http://docbook.org/ns/docbook">
|
||||
<title>Autoloading Objects</title>
|
||||
<para>
|
||||
|
@ -28,6 +28,14 @@
|
|||
<link linkend="features.commandline">interactive mode</link>.
|
||||
</para>
|
||||
</note>
|
||||
<note>
|
||||
<para>
|
||||
If the class name is used e.g. in <function>call_user_func</function> then
|
||||
it can contain some dangerous characters such as <literal>../</literal>.
|
||||
It is recommended to not use the user-input in such functions or at least
|
||||
verify the input in <function>__autoload</function>.
|
||||
</para>
|
||||
</note>
|
||||
<para>
|
||||
<example>
|
||||
<title>Autoload example</title>
|
||||
|
|
Loading…
Reference in a new issue