security - Prove this PHP Eval of Function Dangerous -
I am looking at the following block of code and cannot find a working example of how eval is unsafe in this specific case.
I realize eval is dangerous, should never be used, there are better ways to do it, etc. For my own curiosity, I want to determine how this code block is dangerous.
In the case below, $z's value is controlled by the user and is single quoted (and, as far as I know, hence cannot expand a variable). Applying a single quote within $z to break the string is not possible.
    function bar($x) { echo $x; }
    $z = 'user controlled input';
    eval("bar(\$z);");
Well, if you forgot to escape $z, like:
    $z = '); unlink('/files/importantfile.data');
In this case, there is nothing wrong other than the potential for forgetting the escaping!
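The difference between the escaped form in the question and the unescaped form in the answer, as an added example that is not part of the original posts. The `$marker` variable and the input string are constructed for this illustration; the injected statement only assigns a variable.

```php
<?php
// Added illustration: shows what source text eval() actually receives in each form.
function bar($x) { echo $x, "\n"; }

// Constructed input: closes the call, runs a harmless assignment, then opens a
// comment so the trailing ");" is ignored by the parser.
$z = "'safe'); \$marker = 'injected'; //";

$marker = 'untouched';

// Escaped form from the question: eval() receives the literal text  bar($z);
// so $z is looked up at run time as an ordinary variable and stays data.
$escaped = "bar(\$z);";
eval($escaped);                 // prints the raw input string
var_dump($escaped, $marker);    // "bar($z);" and "untouched"

// Unescaped form from the answer: PHP interpolates $z while building the string,
// so the user's text becomes part of the source that eval() parses.
$unescaped = "bar($z);";
eval($unescaped);               // prints "safe", then runs the extra statement
var_dump($unescaped, $marker);  // "bar('safe'); $marker = 'injected'; //);" and "injected"

// Without eval the input can never reach the parser, whatever it contains.
bar($z);
```

Dumping the string before passing it to eval() is a quick review check: if user-supplied text appears in it, that text is being parsed as code.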
php security