2010/4/25 Michelle Konzack <linux4miche...@tamay-dogan.net>:
> Hi,
> I have a code sniplet which does not work and I do not know why:
> ----8<------------------------------------------------------------------
>  $isfile=shell_exec("ls /tmp/tdphp-vserver/SESSION_" . 
> $_SERVER['REMOTE_ADDR'] . "_" . $_COOKIE['VSERVER_AUTHUSER'] . "_* |head 
> -n1");

Hi Michelle,
I would recommend not to let any user input to your shell. This piece
of code is very insecure as any client may manipulate the shell
command at will.
You don't want people to take over your server that easily.

See http://www.php.net/escapeshellcmd and alike.


PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to