pacnpal/greptweet
1
0
Fork 0
mirror of https://github.com/thewesker/greptweet.git synced 2025-12-20 12:11:05 -05:00
Code Issues Packages Projects Releases Wiki Activity

Thanks to Claudio Mettler for pointing out I've had a PHP vulnerabilty in my code for years

Browse Source
This commit is contained in:
Kai Hendry
2014-07-11 18:13:26 +08:00
parent 99b336ef69
commit 9632b28658
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
grep.php
View File

@@ -3,7 +3,7 @@ header('Content-type: application/json');
if (empty($_GET['q'])) { die(); } if (empty($_GET['q'])) { die(); }
// Is this the correct way to sanitise args to shell from PHP? // Is this the correct way to sanitise args to shell from PHP?
$QUERY=urldecode(escapeshellarg(urlencode($_GET['q']))); $QUERY=escapeshellarg($_GET['q']);
// Debug Logging // Debug Logging
//$fp = fopen('debug.log', 'a'); //$fp = fopen('debug.log', 'a');