[nycphp-talk] Addcslashes bug
Cliff Hirsch
cliff at pinestream.com
Tue Feb 12 07:15:37 EST 2008
> This doesn't make sense. How would a slashing failure lead to a parse
> error? Parsing should always happen first. Were you hacked? Are you
> sure it isn't an unsafe include?
No eval() in the code.
PEAR Config writes a PHP array file like so:
<?php
$config = array(
param1 => 'value',
param2 => 'val'ue2',
...
);
The writing process is what failed to generate the backslash. The parsing
happens on subsequent page loads. The strange thing is that I have not been
able to reproduce the error and I looked the the PEAR Config code, which
does use addcslashes($val, "\\'").
More information about the talk
mailing list