Hi, Jason Wong wrote: > To put it simply you would have to check *extremely* carefully the user > input to ensure that it is not malicious, and that it is what it should > be. I believe your original problem was about writing procmail files. No, not exactly. Thank you just the same, you bring up another good point. In the extreme case, when I want to be really sure of the file, I have to parse it, just as I parse all other data from the user. Yikes, that's a lot of work! I'm counting on not doing that, but making sure I escape_cmd or whatever it's called -- isn't that almost as good? - Niels -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
