[pmwiki-devel] eval function
editor at fast.st
Tue Dec 12 22:17:10 CST 2006
It was pointed out that a line like the following can open a security vulnerability:
eval("ZAP$mod('" . $field . "', '" . $value . "');");
as someone could enter "foo'); do-something-nasty(); print('" for the
user supplied value field, and that it should be "escaped". Could
someone explain how to do this, as I really need this line of code to
automatically detect and activate zap modules.
Thanks again to Stefan for help in pointing this out.
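
An added example (not part of the original post, and not PmWiki or ZAP code) of one way to keep the automatic module detection while dropping eval(): the module name is validated and resolved to a defined function, and the field and value are passed as ordinary arguments so they are never parsed as PHP. The module functions ZAPmail and ZAPsave and the helper zap_dispatch are hypothetical names chosen for illustration.

```php
<?php
// Hypothetical ZAP modules standing in for the real ones (constructed for this example).
function ZAPmail($field, $value) { return "mail: $field = $value"; }
function ZAPsave($field, $value) { return "save: $field = $value"; }

/**
 * Call ZAP<mod>($field, $value) without building PHP source text.
 * Returns the module's result, or null when the module is rejected.
 */
function zap_dispatch($mod, $field, $value) {
    // The module name may only be an identifier fragment, so a name that
    // carries parentheses, quotes or semicolons never reaches the call.
    if (!is_string($mod) || !preg_match('/^[A-Za-z0-9_]+$/', $mod)) {
        return null;
    }
    $fn = 'ZAP' . $mod;

    // Automatic detection: accept only functions defined by the application
    // itself (PHP lists user function names in lower case).
    $defined = get_defined_functions();
    if (!in_array(strtolower($fn), $defined['user'], true)) {
        return null;
    }

    // $field and $value travel as data; quotes inside them have no effect.
    return call_user_func($fn, $field, $value);
}

// Constructed input: the hostile value quoted in the post above.
$hostile = "foo'); do-something-nasty(); print('";

// The value reaches ZAPmail() unchanged, as a plain string.
var_dump(zap_dispatch('mail', 'subject', $hostile));

// An undefined module is not called.
var_dump(zap_dispatch('nosuch', 'subject', 'hello'));

// A module name that tries to carry code fails the identifier check.
var_dump(zap_dispatch("mail('a','b'); phpinfo", 'subject', 'hello'));
```

If the eval() line has to stay, var_export($value, true) produces a correctly quoted PHP string literal for each argument, and the module name still needs the identifier check shown above.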