Revision [536]
Last edited on 2007-05-15 02:11:08 by WikiAdmin
Additions:
To illustrate that this is actually a serious problem, look at the following PHP file:
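%%(php)
<?php
// $output is expected to hold the lines captured by exec(); that call is not part of this fragment.
foreach ($output as $k => $v) {
    // Escape each captured line before printing so it cannot inject markup into the page.
    echo htmlspecialchars($v) . "\n";
}
?>
%%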
I guess you don't want that. Nonetheless, exec() still reads files according to the system ACLs. Deleting a file, or running a script to delete another file, is not allowed either.