closed security hole of using evaled code to show globals vars (which contain eg. passwords)

Ralf Becker 2002-05-13 14:46:47 +00:00
parent 77374edc32
commit 424e3ac8b2


@ -329,7 +329,8 @@
} }
if($val[0] == '@') if($val[0] == '@')
{ {
$val = 'return '.substr($val,1).';'; // removing the $ to close security hole of showing vars, which contain eg. passwords
$val = 'return '.substr(str_replace('$','',$val),1).';';
// echo "<p>eval('$val')="; // echo "<p>eval('$val')=";
$val = eval($val); $val = eval($val);
// echo "'$val'</p>"; // echo "'$val'</p>";
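Review bot: Stripping `$` before the `eval($val)` call narrows what the evaluated string can read but does not close the hole, because whatever follows the `@` is still executed as PHP, so function calls and constants remain reachable without any variable reference. Where `$val` originates is not visible in this hunk; if it can come from stored or user-editable template data, the `eval()` should be replaced with a lookup against an explicit allow-list of names, or at minimum the string should be rejected before evaluation unless it matches a strict pattern. The `str_replace` also silently rewrites expressions that legitimately used variables, which will now evaluate to something else or fail to parse, and the return value of `eval()` is not checked. Until the sink is removed I would add `// FIXME: eval() of template-supplied text still executes arbitrary PHP; replace with an allow-listed lookup` above the `eval` line. The enclosing function starts and ends outside the hunk.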