Thank you Richard. I will test that (piping the output). Regarding my
concerns about rubbing security by not validating the included
code, I actually meant that the script does not validate where the
included PHP script is coming from. Could someone set the
environmental variable
Hello.
Since my ISP does not provide the tidy module for Apache, I tested
writing a wrapper script for a locally installed tidy binary. In
general, the script is triggered by a modification to the .htaccess
file like so:
AddHandler server-parsed .php
Action server-parsed
Did you try to use - as the file and pipe the output?...
That might work...
As far as the Tidy not validating the included PHP, I'm not sure what
you mean, but I don't see this making the PHP code any less secure
than it was before you wrapped Tidy around it...
On Fri, August 4, 2006 6:21 am,
3 matches
Mail list logo