OpenID in PHP
Kristopher Tate
kris at bbridgetech.com
Wed Jun 29 13:15:32 PDT 2005
Ah, sorry about that last bit -- gotcha.
Here's a fix:
> //Get secret
> $secret = shell_exec('cat
> /tmp/oid-shared_secret-
> '.addcslashes($_GET['openid_assoc_handle'],';.\+*?
> [^]($)#').'.secret');
Thanks,
-Kris
On 2005/06/29, at 1:02 PM, Xageroth Sekarius wrote:
> secret is, but you were shell_exec'ing straight from a global
> variable. What prevents openid_assoc_handle from being set to
> something malicious? Maybe I misunderstood.
More information about the yadis
mailing list