On Tue, April 24, 2007 11:16 am, Rasmus Lerdorf wrote:
> Chris Malton wrote:
>> // secure variables from outside
>> $modxtags = array('@<script[^>]*?>.*?</script>@si',
>>                   '@&#(\d+);@e',
>>                   '@\[\[(.*?)[EMAIL PROTECTED]',
>>                   '@\[!(.*?)[EMAIL PROTECTED]',
>>                   '@\[\~(.*?)[EMAIL PROTECTED]',
>>                   '@\[\((.*?)\)[EMAIL PROTECTED]',
>>                   '@{{(.*?)[EMAIL PROTECTED]',
>>                   '@\[\*(.*?)[EMAIL PROTECTED]');
>> foreach($_POST as $key => $value) {
>>   $_POST[$key] = preg_replace($modxtags,"", $value);
>> }
>> foreach($_GET as $key => $value) {
>>   $_GET[$key] = preg_replace($modxtags,"", $value);
>> }
>
> I find this part funny.  I wonder what they think this is securing.

I was also amused by their setting of error_reporting to not have
E_NOTICE, which immediately disqualifies it for my use.

And then setting the display_errors as the second to last line in the
file...

If you're relying on the PHP script to change that kind of stuff, it
ought to be much much sooner in the file.

Like at the very top.

[shrug]

At any rate, an infinite loop attempting to re-connect to the
database, or, possibly, a CMS with so MANY queries that it looks like
an infinite loop of connecting to the database...

Still, it probably shouldn't segfault, eh?

-- 
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php