Fix a couple of mistakes

git-svn-id: https://svn.php.net/repository/phpdoc/en/trunk@33253 c90b9560-bf6c-de11-be94-00142212c4b1
Rasmus Lerdorf 2000-10-02 05:23:18 +00:00
parent 0834a102fe
commit d34d225b86
2 changed files with 10 additions and 10 deletions

View file

@ -301,7 +301,7 @@ AddHandler php3-script .php3
interface is regularly used for file management, so the Apache user
is allowed to delete files in the user home directories.
</simpara>
<simpara>
<para>
<example>
<title>Filesystem attack</title>
<programlisting role="php">
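Review bot: the wrapper opened just before `<example>` has to end up as `<para>`, because DocBook's `<simpara>` accepts only inline content and cannot hold an `<example>` with a `<programlisting>` inside it. The +/- markers are lost in this rendering, so confirm that `<para>` is the line that survives and that its close after "some other form of authentication" in the next hunk is `</para>` as well.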
@ -318,12 +318,12 @@ echo "$file_to_delete has been deleted!";
Since the username is postable from a user form, they can submit
a username and file belonging to someone else, and delete files.
In this case, you'd want to use some other form of authentication.
</simpara>
</para>
</sect1>
<sect1 id="security.variables">
<title>User Submitted Data</title>
<simpara>
<para>
The greatest weakness in many PHP programs is not inherent in the
language itself, but merely an issue of code not being written with
security in mind. For this reason, you should always take the time
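Review bot: the context sentence closing the filesystem example, "you'd want to use some other form of authentication", gives only half of the fix and is worth extending while this paragraph is being touched. The text above it says the username and file name come straight from a user form, so the paragraph should also tell readers to check the submitted file name against the directory that user is allowed to manage before anything is deleted. Separately, the opener changed under the `User Submitted Data` title is not closed inside this hunk, so its closing tag needs the same simpara-to-para treatment.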
@ -360,8 +360,8 @@ exec ($evil_var);
<simpara>
Can unusual or undesirable data be acted upon?
</simpara>
<listitem>
</listitem>
<listitem>
<simpara>
Can this script be used in unintended ways?
</simpara>
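Review bot: only one item boundary is repaired here, between "Can unusual or undesirable data be acted upon?" and "Can this script be used in unintended ways?", and the same slip may exist on the other items of this list. The result should read `</simpara>`, `</listitem>`, `<listitem>`, `<simpara>` at every boundary; a run through a validating SGML/XML parser over the whole chapter would catch any remaining unclosed `<listitem>` that this hunk does not show.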
@ -381,7 +381,7 @@ exec ($evil_var);
By adequately asking these questions while writing the script,
rather than later, you prevent an unfortunate re-write when you
need to oncrease your security.
</simpara>
</para>
</sect1>
</chapter>
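Review bot: the context line "need to oncrease your security" in this hunk still carries a typo, "oncrease" for "increase". Since the commit is already fixing mistakes two lines below it, fold that correction in here.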

View file

@ -301,7 +301,7 @@ AddHandler php3-script .php3
interface is regularly used for file management, so the Apache user
is allowed to delete files in the user home directories.
</simpara>
<simpara>
<para>
<example>
<title>Filesystem attack</title>
<programlisting role="php">
@ -318,12 +318,12 @@ echo "$file_to_delete has been deleted!";
Since the username is postable from a user form, they can submit
a username and file belonging to someone else, and delete files.
In this case, you'd want to use some other form of authentication.
</simpara>
</para>
</sect1>
<sect1 id="security.variables">
<title>User Submitted Data</title>
<simpara>
<para>
The greatest weakness in many PHP programs is not inherent in the
language itself, but merely an issue of code not being written with
security in mind. For this reason, you should always take the time
@ -360,8 +360,8 @@ exec ($evil_var);
<simpara>
Can unusual or undesirable data be acted upon?
</simpara>
<listitem>
</listitem>
<listitem>
<simpara>
Can this script be used in unintended ways?
</simpara>
@ -381,7 +381,7 @@ exec ($evil_var);
By adequately asking these questions while writing the script,
rather than later, you prevent an unfortunate re-write when you
need to oncrease your security.
</simpara>
</para>
</sect1>
</chapter>
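Review bot: the hunks for this second file are identical to the first file's, down to the line offsets and the "oncrease" typo in the last hunk, so the same comments apply here. If these are two copies of the same chapter, keeping both in sync by hand invites exactly the kind of tag mismatch this commit repairs; consider having one copy include the other, or dropping the duplicate.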