[pmwiki-devel] eval function

The Editor editor at fast.st
Tue Dec 12 22:17:10 CST 2006

It was pointed out a line like the following can open a security vulnerability

 eval("ZAP$mod('" . $field . "', '" . $value . "');");

as someone could enter "foo'); do-something-nasty(); print(' for the
user supplied value field, and that it should be "escaped".  Could
someone explain how to do this, as I really need this line of code to
automatically detect and activate zap modules.

Thanks again to Stefan for help in pointing this out.


More information about the pmwiki-devel mailing list