From 9ee41d241455bc7af83b7639e116b7034755887c Mon Sep 17 00:00:00 2001 From: Jakub Vrana Date: Wed, 21 Nov 2007 15:39:18 +0000 Subject: [PATCH] Dangerous characters in class name (bug #42744) git-svn-id: https://svn.php.net/repository/phpdoc/en/trunk@246618 c90b9560-bf6c-de11-be94-00142212c4b1 --- language/oop5/autoload.xml | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/language/oop5/autoload.xml b/language/oop5/autoload.xml index 85cb389b5f..e2496defd0 100644 --- a/language/oop5/autoload.xml +++ b/language/oop5/autoload.xml @@ -1,5 +1,5 @@ - + Autoloading Objects @@ -28,6 +28,14 @@ interactive mode. + + + If the class name is used e.g. in call_user_func then + it can contain some dangerous characters such as ../. + It is recommended to not use the user-input in such functions or at least + verify the input in __autoload. + + Autoload example