extern/egroupware_official
1
0
Fork 0
mirror of https://github.com/EGroupware/egroupware.git synced 2024-11-22 16:03:47 +01:00
Code Issues Packages Projects Releases Wiki Activity

closed security hole of using evaled code to show globals vars (which contain eg. passwords)

Browse Source
This commit is contained in:
Ralf Becker 2002-05-13 14:46:47 +00:00
parent 77374edc32
commit 424e3ac8b2
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
addressbook/csv_import.php
View File

@ -329,7 +329,8 @@
}
if($val[0] == '@')
{
$val = 'return '.substr($val,1).';';
// removing the $ to close security hole of showing vars, which contain eg. passwords
$val = 'return '.substr(str_replace('$','',$val),1).';';
// echo "<p>eval('$val')=";
$val = eval($val);
// echo "'$val'</p>";