Laurent Sintes <sintesat_private> wrote: > extra_cmd = php_escape_shell_arg(Z_STRVAL_PP(argv[4])); > > But it is not a suffisant check because php_escape_shell_arg > does not escape all charaters. False. escape_shell_arg will successfully escape all characters from shells.
This archive was generated by hypermail 2b30 : Thu Jul 19 2001 - 12:16:48 PDT