[PHP-DOC] Note exposing possible sensitive information

Christopher Harrington Fri, 17 Oct 2003 10:22:00 -0700

I wanted to let you guys know that I came across someone foolishly giving up their account number and password in a note on the curl_setopt page. ( http://us3.php.net/manual/en/function.curl-setopt.php ) The excerpt is as follows...

$apayment = new APayments;

-----------------------------

You can use it this way:

$data = Array();

$data["AccountID"]            = 24883;
$data["PassPhrase"]            = urlencode(base64_decode("a2sxOTcx"));
$data["Payee_Account"]        = 43892;
$data["Amount"]                = number_format("10.329842", 2);
$data["Memo"]                = urlencode(stripslashes("Automatic Payment"));
$data["PAY_IN"]                = 1;
$data["WORTH_OF"]            = "Gold";
$data["IGNORE_RATE_CHANGE"]    = "Y";

$apayment->Pay($data);

echo $apayment->PROCES_DETAILS["Error"]; // possible error
echo $apayment->PROCES_DETAILS["Batch"]; // batch nr

I'd hate to see someone abuse this information. Could a documentation editor conceal the sensitive bits (AccountID and PassPhrase) so this person contributing very useful code doesn't end up having his account hijacked?

Thanks...
-Christopher Harrington

[PHP-DOC] Note exposing possible sensitive information

Reply via email to