Re: shell script cgi

From: mlh (mlhat_private)
Date: Sat Nov 16 2002 - 14:48:37 PST

Next message: Jens Rantil: "Re: PHP"

Previous message: Rajko Zschiegner: "Re: shell script cgi"
In reply to: Rajko Zschiegner: "RE: shell script cgi"
Next in thread: Brian Hatch: "Re: shell script cgi"
Next in thread: Rajko Zschiegner: "Re: shell script cgi"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I'm convinced there is no way in this particular
statement, given that the var is in quotes.

All you're doing after all is echoing it, which
only does one level of interpretation, which in
this case is removing the quuotes.


Of course, some values may be more dangerous
for statements further on in the code.

e.g.
HTTP_USER_AGENT='`cat /etc/passwd`'


Matt

Next message: Jens Rantil: "Re: PHP"
Previous message: Rajko Zschiegner: "Re: shell script cgi"
In reply to: Rajko Zschiegner: "RE: shell script cgi"
Next in thread: Brian Hatch: "Re: shell script cgi"
Next in thread: Rajko Zschiegner: "Re: shell script cgi"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sat Nov 16 2002 - 17:13:11 PST