OpenID in PHP

Kristopher Tate kris at
Wed Jun 29 13:15:32 PDT 2005

Ah, sorry about that last bit -- gotcha.

Here's a fix:

> //Get secret
>      $secret = shell_exec('cat
> /tmp/oid-shared_secret- 
> '.addcslashes($_GET['openid_assoc_handle'],';.\+*? 
> [^]($)#').'.secret');



On 2005/06/29, at 1:02 PM, Xageroth Sekarius wrote:

> secret is, but you were shell_exec'ing straight from a global
> variable. What prevents openid_assoc_handle from being set to
> something malicious? Maybe I misunderstood.

More information about the yadis mailing list