On Sat, 2008-04-12 at 09:05 -0500, Ray Hauge wrote:
> 
> you might be able to leverage a call to expr on a bash shell.  Just 
> replace the variables you're expecting with preg_replace or some similar 
> function.
> 
> http://hacktux.com/bashmath
> http://sysblogd.wordpress.com/2007/08/26/let-bash-do-the-math-doing-calculations-using-that-bash/
> 
> I'm not sure if that's any more secure than eval though.

Good idea Ray. I'm thinking that it might be safer to exec a separate
app - preferably sandboxed. That way it could still be PHP (or anything
else really) but without the headache of compromising the main
application.

J


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
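
An added example, not code from either poster: one way to combine the two suggestions in this thread, handing the arithmetic to expr in a separate process with no shell parsing the input. The function name safe_expr, the path /usr/bin/expr and the length limits are assumptions; the array form of proc_open requires PHP 7.4 or later.

```php
<?php
// Added example; safe_expr() and /usr/bin/expr are assumptions, not from the thread.
function safe_expr(string $input): int
{
    // Allowlist: digits, whitespace, + - * / % and parentheses only.
    if (!preg_match('/^[\d\s+\-*\/%()]+$/', $input)) {
        throw new InvalidArgumentException('unsupported character');
    }
    // Split into tokens; each one becomes its own argv entry for expr.
    preg_match_all('/\d+|[-+*\/%()]/', $input, $m);
    $tokens = $m[0];
    if ($tokens === [] || count($tokens) > 64) {
        throw new InvalidArgumentException('empty or overlong expression');
    }
    foreach ($tokens as $t) {
        if (strlen($t) > 15) {
            throw new InvalidArgumentException('number too large');
        }
    }
    // The array form of proc_open (PHP 7.4+) runs the program directly,
    // with no /bin/sh in between, so "*" and "(" are never interpreted.
    $cmd = array_merge(['/usr/bin/expr'], $tokens);
    $spec = [1 => ['pipe', 'w'], 2 => ['pipe', 'w']];
    $proc = proc_open($cmd, $spec, $pipes, null, ['LC_ALL' => 'C']);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start expr');
    }
    $out = trim(stream_get_contents($pipes[1]));
    fclose($pipes[1]);
    fclose($pipes[2]);
    $status = proc_close($proc);
    // expr exits with 1 when the result is 0; 2 or more means a real
    // error such as bad syntax or division by zero.
    if ($status > 1 || !preg_match('/^-?\d+$/', $out)) {
        throw new RuntimeException('expr rejected the expression');
    }
    return (int) $out;
}

// Constructed sample inputs; the last contains a shell metacharacter.
foreach (['(2 + 3) * 4', '7 - 7', '10 / 0', '1; id'] as $sample) {
    try {
        echo $sample, ' => ', safe_expr($sample), PHP_EOL;
    } catch (Exception $e) {
        echo $sample, ' => rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

This keeps the user's input away from both eval and the shell, but the child process is not sandboxed; resource limits or a restricted account for it would be separate measures.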
