This is about a user-supplied field containing '$', with the '$' being treated as the special char that it is.
Since no one else seems to have mentioned it: Inserting unchecked user-supplied text into a program and then reparsing, which is what this seems to amount to, is a horrible security situation. In the worst case, an attacker gets complete control of your system. A similar exploit has been used to make RFID tags trick the database system that queries them into executing arbitrary code.

--
W. Randolph Franklin [EMAIL PROTECTED]
(Plaintext preferred; attachments deprecated)
http://wrfranklin.org/

_______________________________________________
pmwiki-devel mailing list
[email protected]
http://www.pmichaud.com/mailman/listinfo/pmwiki-devel
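The insert-then-reparse problem described in the message above, shown as an added PHP example that is not part of the original message and is not PmWiki's own code. The template syntax (`{comment}`, `{$Name}`), the function names and all values are constructed for illustration; the unsafe version lets `$` in user text act as a backreference and then reparses the result, while the safer version expands trusted markup first and inserts the user text last, literally.

```php
<?php
// Constructed sample data: hypothetical page variables and template.
$vars = ['Site' => 'Example Wiki', 'AdminEmail' => 'admin@example.invalid'];
$template = 'Welcome to {$Site}. Comment: {comment}';

// Parsing pass: expands {$Name} markers from $vars (hypothetical syntax).
// Unknown names are left untouched.
function expand_vars(string $text, array $vars): string {
    return preg_replace_callback('/\{\$(\w+)\}/', function ($m) use ($vars) {
        return $vars[$m[1]] ?? $m[0];
    }, $text);
}

// UNSAFE: the user text is passed as a preg_replace() replacement string,
// where $0, $1, ${1} and \1 are backreferences, and the filled-in result
// is then parsed again, so markup typed by the user is honoured.
function render_unsafe(string $template, string $comment, array $vars): string {
    $filled = preg_replace('/\{comment\}/', $comment, $template);
    return expand_vars($filled, $vars);
}

// SAFER: parse the trusted template first, then insert the user text last
// through a callback; a callback's return value is inserted literally and
// nothing parses the text after it has been inserted.
function render_safe(string $template, string $comment, array $vars): string {
    $expanded = expand_vars($template, $vars);
    return preg_replace_callback('/\{comment\}/', function ($m) use ($comment) {
        return $comment;
    }, $expanded);
}

// Constructed inputs: a harmless price and a variable reference.
foreach (['costs $10', 'mail {$AdminEmail}'] as $comment) {
    echo "input : ", $comment, "\n";
    echo "unsafe: ", render_unsafe($template, $comment, $vars), "\n";
    echo "safe  : ", render_safe($template, $comment, $vars), "\n\n";
}
```

With the first input the unsafe path silently drops `$10` (a reference to a group that does not exist); with the second it expands a variable the user was never meant to reach. The safe path prints both inputs unchanged.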
