Re: php mail function bypass safe_mode restriction

Thu, 19 Jul 2001 11:57:14 -0700 

Laurent Sintes <[EMAIL PROTECTED]> wrote:
> extra_cmd = php_escape_shell_arg(Z_STRVAL_PP(argv[4]));
> 
> But it is not a suffisant check because php_escape_shell_arg
> does not escape all charaters.

False. escape_shell_arg will successfully escape all characters from
shells.

Reply via email to