ID: 28909 Updated by: [EMAIL PROTECTED] Reported By: william at activeminds dot nl -Status: Open +Status: Bogus Bug Type: *General Issues Operating System: FreeBSD PHP Version: 4.3.7 New Comment:
php_exec_dir dir is not present in php code. Previous Comments: ------------------------------------------------------------------------ [2004-06-24 08:48:07] william at activeminds dot nl Description: ------------ It is possible to run commands and bypass the exec block. Reproduce code: --------------- $foo=`ps aux`; echo nl2br($foo); $foo=`;ps aux`; echo nl2br($foo); Expected result: ---------------- it bypasses the exec block and excutes the ps due to the `;` as bash interupts as a new command. ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=28909&edit=1
