While I'm..*grossly* against the /e switch (or eval()s in general) at
all (and its use with tainted sources even more so), I realize my whining
and moaning isn't going to change the fact /e and eval() exist and are used.
But here's a thought...
How about a /E switch to preg_replace which would
Just one more example. Even when using double quotes, it
is possible to execute code:
Again, assume $a comes from a tainted source.
-James
On Mon, 3 Feb 2003, James E. Flemer wrote:
> A warning about preg_replace() command needs to be added to
> the docs page for this command. The preg_repl