From:             ryan at rmauger dot co dot uk
Operating system: n/a
PHP version:      Irrelevant
Package:          Website problem
Bug Type:         Feature/Change Request
Bug description:  Please add a feature to report potentially dangerous code examples in comments

Description:
------------
Please allow us to report potentially dangerous or irresponsible code
examples from the comments, such as the one below. They do nothing for the
reputation of PHP, and could end up making their way into production
servers of people still learning their way in PHP.

Test script:
---------------
After trying extensively to make exec() work with various Windows Apache
MySQL PHP servers, I found one that works flawlessly called AMPPS, and wrote
this script that lets you run command prompt commands from a browser. You
can essentially run ipconfig, ping, tasklist or any command you normally
would sitting in front of your computer running command prompt (cmd).

I'm running this on a Windows 7 32 box using Softaculous AMPPS

<form action="" method="post">
<textarea name="code" cols="50" rows="10"></textarea><br>
<input type="submit" name="submit" value="Execute">
</form>

<?php

if (isset($_POST['submit'])){

$code = $_POST['code'];
    exec("$code", $output);
    
echo '<pre>';
print_r($output);

echo '</pre>';
    
}

?>


-- 
Edit bug report at https://bugs.php.net/bug.php?id=65203&edit=1

-- 
PHP Webmaster List Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
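
Added example, not part of the bug report or of the quoted user note: a hardened counterpart to the form above that never hands request data to a shell. It maps a fixed set of action names to fixed argument lists and runs them through the array form of proc_open(); DIAGNOSTICS, build_argv(), run_diagnostic() and the "action"/"target" field names are assumptions made for illustration, as are PHP 7.4+ and a Windows host.

```php
<?php
// Added example: fixed allowlist of diagnostics instead of exec() on raw POST data.
// DIAGNOSTICS, build_argv() and run_diagnostic() are hypothetical names.
// Assumes PHP 7.4+ (array form of proc_open(), which starts the program
// directly without a shell) and a Windows host as in the quoted note.

const DIAGNOSTICS = [
    'ipconfig' => ['ipconfig', '/all'],
    'tasklist' => ['tasklist'],
    'ping'     => ['ping', '-n', '2'], // a validated IP address is appended
];

function build_argv($action, $target = null): ?array
{
    if (!is_string($action) || !array_key_exists($action, DIAGNOSTICS)) {
        return null;                   // unknown action: refuse
    }
    $argv = DIAGNOSTICS[$action];
    if ($action === 'ping') {
        if (!is_string($target) || filter_var($target, FILTER_VALIDATE_IP) === false) {
            return null;               // only a literal IP address is accepted
        }
        $argv[] = $target;
    }
    return $argv;
}

function run_diagnostic(array $argv): string
{
    // Capture stdout only; stderr is left on the server's own stderr.
    $proc = proc_open($argv, [1 => ['pipe', 'w']], $pipes);
    if (!is_resource($proc)) {
        return 'failed to start process';
    }
    $out = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    proc_close($proc);
    return $out === false ? '' : $out;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $argv = build_argv($_POST['action'] ?? null, $_POST['target'] ?? null);
    echo '<pre>';
    // Command output is untrusted text inside an HTML page, so escape it.
    echo $argv === null
        ? 'Request rejected'
        : htmlspecialchars(run_diagnostic($argv), ENT_QUOTES | ENT_SUBSTITUTE);
    echo '</pre>';
}
```

The request can only select an entry from the list; the one free-form value, the ping target, must parse as an IP address before it is appended as a single argument.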
