Bugtraq mailing list archives
Re: PHP Net Toolpack: input validation error
From: Jon Ribbens <jon+bugtraq () unequivocal co uk>
Date: Tue, 19 Mar 2002 16:37:45 +0000
ppp-design <security () ppp-design de> wrote:
> You can use escapeshellcmd() to check the input for unwanted characters. So
> you can replace the bad line in the traceroute function with the following
> two lines:
>
>     $sec_input=escapeshellcmd($a_query);
>     exec("/sbin/traceroute $sec_input",$ret_strs);

Note that this does not do what you think it does. escapeshellcmd is not the right function to use - at the very least, people can still pass more than one parameter to traceroute when you only want them to be able to pass one. The correct function to use is escapeshellarg.
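
The difference described in the reply above, as an added example that is not part of the original thread: a harmless `sh -c 'echo $#'` stands in for `/sbin/traceroute` and reports how many arguments reach the program after each escaping function. It assumes a POSIX shell; `argc_after`, `traceroute_target` and the sample input are hypothetical and constructed for illustration, and the host validation goes one step beyond what the reply states.

```php
<?php
// Added example (not from the thread). `sh -c 'echo $#'` is a harmless
// stand-in for /sbin/traceroute: it prints how many arguments it received,
// so nothing is sent on the network.

function argc_after(callable $escape, string $input): int
{
    $safe = $escape($input);
    // Same string-interpolation pattern as the quoted exec() call.
    exec("sh -c 'echo \$#' argcount $safe", $out);
    return (int) $out[0];
}

// Hypothetical helper: accept only a single IP address or hostname, then
// quote it. escapeshellarg() alone would still pass a value starting with
// "-" through as one argument, which the program may read as an option.
function traceroute_target(string $input): ?string
{
    $ok = filter_var($input, FILTER_VALIDATE_IP) !== false
       || filter_var($input, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME) !== false;
    return $ok ? escapeshellarg($input) : null;
}

// Constructed sample input: one form field carrying three words.
$query = 'example.com -n 198.51.100.7';

// escapeshellcmd() leaves spaces alone, so the shell splits the value.
printf("escapeshellcmd: %d argument(s)\n", argc_after('escapeshellcmd', $query));

// escapeshellarg() wraps the whole value in single quotes: one argument.
printf("escapeshellarg: %d argument(s)\n", argc_after('escapeshellarg', $query));

// Validation rejects the multi-word value and accepts a plain hostname.
var_dump(traceroute_target($query));
var_dump(traceroute_target('example.com'));
```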