Just one more example. Even when using double quotes, it
is possible to execute code:
Again, assume $a comes from a tainted source.
-James
On Mon, 3 Feb 2003, James E. Flemer wrote:
> A warning about preg_replace() command needs to be added to
> the docs page for this command
comes from an untrusted source,
i.e. a get/post/cookie/header variable.)
-James
-- Forwarded message --
Date: Mon, 3 Feb 2003 01:04:23 -0500 (EST)
From: James E. Flemer <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: [PHP-DEV] preg_replace oddity [exploitable]
I found
ed to
deal with key words used as variable names. Thanks for
pointing it out.
-James
On Sun, 19 Jan 2003, Derick Rethans wrote:
> On Sun, 19 Jan 2003, James E. Flemer wrote:
>
> > I am about 90% done writing a bison grammar for PHP, but
> > will have to do some code reading to fi
The operator precedence table[1] is missing several
operators. The following operators are missing:
"->" class member operator
"::" scope resolution operator
"<>" not equals (same precedence as "!=" ?)
Also missing are a few casts: (bool), (boolean), (real),
(double), (integer). Though
[ Please CC me on replies, I am only on php-dev ... or
should this be on dev, not doc? ]
php-lang is dead then I take it? Or was this just
overlooked?
-James
-- Forwarded message --
Date: Sat, 11 May 2002 11:49:51 -0400 (EDT)
From: James E. Flemer <[EMAIL PROTECTED]>
T
On Sat, 11 May 2002 [EMAIL PROTECTED] wrote:
> On Sat, 11 May 2002, Yasuo Ohgaki wrote:
>
> [...]
>
> > IMHO, we need someone who documents language design
>
> Actually, we need someone to finish this:
>
> http://cvs.php.net/cvs.php/php-lang
>
> regards,
> Derick
[ Please CC me on replies, I