Dangerous characters in class name (bug #42744)

git-svn-id: https://svn.php.net/repository/phpdoc/en/trunk@246618 c90b9560-bf6c-de11-be94-00142212c4b1
This commit is contained in:
Jakub Vrana 2007-11-21 15:39:18 +00:00
parent d4d4b3020b
commit 9ee41d2414

View file

@ -1,5 +1,5 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!-- $Revision: 1.8 $ -->
<!-- $Revision: 1.9 $ -->
<sect1 xml:id="language.oop5.autoload" xmlns="http://docbook.org/ns/docbook">
<title>Autoloading Objects</title>
<para>
@ -28,6 +28,14 @@
<link linkend="features.commandline">interactive mode</link>.
</para>
</note>
<note>
<para>
If the class name is used e.g. in <function>call_user_func</function> then
it can contain some dangerous characters such as <literal>../</literal>.
It is recommended to not use the user-input in such functions or at least
verify the input in <function>__autoload</function>.
</para>
</note>
<para>
<example>
<title>Autoload example</title>