Edit report at https://bugs.php.net/bug.php?id=65203&edit=1
ID: 65203
Updated by: danbr...@php.net
Reported by: ryan at rmauger dot co dot uk
Summary: Please add a feature to report potentially dangerous
code examples in comments
-Status: Open
+Status: Feedback
Type: Feature/Change Request
Package: Website problem
Operating System: n/a
PHP Version: Irrelevant
Block user comment: N
Private report: N
New Comment:
No, it didn't miss the point, it was merely an update, Ryan. Otherwise I'd
have
closed the report.
Previous Comments:
------------------------------------------------------------------------
[2013-07-09 17:55:40] ryan at rmauger dot co dot uk
This response seems to miss the point, yes that comment may have been removed,
but
the fact remains that there is no way for people to highlight other new ones,
besides reporting here,
Given the difference in effort between simply clicking a button to push a
comment
into a moderation queue, and to fill out a report here, it is clear which would
be
a more successful mechanism.
------------------------------------------------------------------------
[2013-07-09 17:24:06] danbr...@php.net
It appears that someone else already removed the mentioned user note, but as
for
"comments" being threaded, note that it says, in very large, bold text, that
those types of contributions do not belong on the site.
------------------------------------------------------------------------
[2013-07-09 14:44:23] josh at servebyte dot com
Agreed. Even finding replies to comments is challenging. Replies to comments
should be under the related comment.
------------------------------------------------------------------------
[2013-07-04 12:58:57] ryan at rmauger dot co dot uk
Description:
------------
Please allow us to report potentially dangerous or irresponsible code examples
from the comments, such as the one below, they do nothing for the reputation of
PHP, and could end up making their way into production servers of people still
learning their way in PHP.
Test script:
---------------
After trying extensively to make exec() work with various windows apache mysql
php servers i found one that works flawlessly called ampps, and wrote this
script that lets you run command prompt commands from a browser. You can
essentially run ipconfig, ping, tasklist or any command you normally would
sitting in front of your computer running command prompt (cmd).
Im running this on a windows 7 32 box using Softaculous AMPPS
<form action="" method="post">
<textarea name="code" cols="50" rows="10"></textarea><br>
<input type="submit" name="submit" value="Execute">
</form>
<?php
if (isset($_POST['submit'])){
$code = $_POST['code'];
exec("$code", $output);
echo '<pre>';
print_r($output);
echo '</pre>';
}
?>
------------------------------------------------------------------------
--
Edit this bug report at https://bugs.php.net/bug.php?id=65203&edit=1
--
PHP Webmaster List Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
