Gah. Don't use `date` and `basename`; use PHP functions (basename() and date(), for instance); that's what they're there for. The method you're using results in *three* fork/exec's, which will kill performance (or at least injure it). --n
<?php
header("Content-type: image/jpg");
$ip = $_SERVER['REMOTE_ADDR'];
$date = date("G:i:s d-m-Y");
$img = basename($_SERVER['REQUEST_URI']);
passthru("echo \"downloaded from http://zcat.wired.net.nz/ by $ip at
$date\" | steghide embed -e none -p \"\" -cf $img -q -sf - ")
?> And to recover the watermark; $ steghide extract -sf zcat.jpg -p '' -xf -downloaded from http://zcat.wired.net.nz/ by 203.89.161.196 at 14:36:21 03-04-2005
I know I'm still passing unfiltered bits of REQUEST_URI to passthru(), I'll clean that up next - hopefully before the server gets 0wned. In the meantime I'll watch very closely for requests like "/images/;nc%20-p%2031337%20-c%20bash;.jpg" in my logs :)
-- On June 1, 2001, Steve Ballmer, CEO of Microsoft, told the Chicago Sun-Times: "Linux is cancer." Unsurprisingly that's incorrect; LINUX was released on August 25th 1991 and is therefore a Virgo. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|