OpenID in PHP
Kristopher Tate
kris at bbridgetech.com
Wed Jun 29 22:26:39 PDT 2005
Done and done.
//Get secret; protects against all characters with ASCII code between 0 and 31 : . \ + * ? [ < ^ > ] ( $ ) #
$secret = shell_exec('cat /tmp/oid-shared_secret-'.addcslashes($_GET['openid_assoc_handle'],'\0..\37;.\+*?[<^>]($)#').'.secret');
Should be good, no?
-Kris
(PS, Damn the reply-to!)
On 2005/06/29, at 9:19 PM, Phil Harnish wrote:
> What if they just encode a newline and add a more malicious shell
> command of their own?
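
An added example, not part of the original message or the project's code: one way to settle the newline concern in the quoted reply is to start no shell at all, validating the handle against an allowlist and reading the file with PHP's own file API. The handle alphabet, the 64-character limit and the function names `is_valid_handle` and `load_assoc_secret` are assumptions; the file naming follows the message above.

```php
<?php
// Added example, not code from the original thread.
// Assumptions: the directory and file naming follow the message above;
// the handle alphabet and 64-character limit are hypothetical choices.
const SECRET_DIR = '/tmp';

function is_valid_handle($handle): bool
{
    // \A and \z anchor to the true start and end of the string. A plain "$"
    // would also match before a trailing newline, which is the case raised
    // in the quoted reply. is_string() rejects array-valued query parameters.
    return is_string($handle)
        && preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $handle) === 1;
}

function load_assoc_secret($handle, string $dir = SECRET_DIR): ?string
{
    if (!is_valid_handle($handle)) {
        return null;                       // reject instead of escaping
    }
    $path = $dir . '/oid-shared_secret-' . $handle . '.secret';
    // Resolve symlinks and confirm the file really sits inside $dir.
    $real = realpath($path);
    $base = realpath($dir);
    if ($real === false || $base === false || dirname($real) !== $base) {
        return null;
    }
    // Read the file directly: no shell is started, so no character in the
    // request can be interpreted as shell syntax.
    $secret = file_get_contents($real);
    return $secret === false ? null : $secret;
}

// Constructed sample input: one well-formed handle and three malformed ones.
$dir = sys_get_temp_dir() . '/oid-demo-' . getmypid();
mkdir($dir, 0700);
file_put_contents("$dir/oid-shared_secret-abc123.secret", 'constructed-secret');

$samples = ['abc123', "abc123\n", 'abc123 extra', ['abc123']];
foreach ($samples as $h) {
    $out = load_assoc_secret($h, $dir);
    printf("%-16s => %s\n", json_encode($h), $out === null ? 'rejected' : 'loaded');
}
unlink("$dir/oid-shared_secret-abc123.secret");
rmdir($dir);
```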