I've got a website on a virtual-host, Apache/Linux system running php scripts.
In particular, I've designed a CMS where designated individuals compose and edit
text in an HTML textarea, and then save the raw text in files. Custom [i.e.,
proxy] tags are used for emphasizing and formatting the text [e.g., <red>Red
Text</red>]. The raw text is converted to W3C-compliant HTML code for user
rendering. When processing the text, I remove all php start codes [<? <?php,
etc.] from the text, though it's not obvious to me how the text can be executed
when it's treated as pure text sent to the client.
Now the question. Does anyone see an obvious security hole?
Thanks.....
--
PHP General Mailing List (http://www.php.net/)
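As an added example (not part of the original post and not the poster's CMS code), this is one way to write the conversion step described above so that only the proxy tags ever produce markup: escape the raw text first, then translate an allowlist of proxy tags. The function name, the tag map beyond `<red>`, and the CSS class name are assumptions.

```php
<?php
// Added example: hypothetical converter, not the poster's code.
// Assumed proxy tags and the HTML they map to (only <red> appears in the post).
const PROXY_TAGS = [
    'red'  => ['<span class="red">', '</span>'],
    'bold' => ['<strong>', '</strong>'],
];

function render_raw_text(string $raw): string
{
    // 1. Escape everything, so any markup an editor typed (HTML tags,
    //    PHP start codes) reaches the client as plain text.
    $html = htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // 2. Re-enable only the allowlisted proxy tags, which are now in
    //    escaped form (&lt;red&gt; ... &lt;/red&gt;). They take no attributes,
    //    and only matched open/close pairs are converted.
    foreach (PROXY_TAGS as $name => [$open, $close]) {
        $tag = preg_quote($name, '~');
        $pattern = '~&lt;' . $tag . '&gt;(.*?)&lt;/' . $tag . '&gt;~s';
        $html = preg_replace($pattern, $open . '$1' . $close, $html);
    }

    // 3. Keep the line breaks entered in the textarea.
    return nl2br($html);
}

// Constructed sample input: one proxy tag, one PHP start code, one HTML tag.
$raw = "<red>Red Text</red> and <?php echo 1; ?>\nplus <em>other</em> markup";
echo render_raw_text($raw), "\n";
```

With this ordering there is no need to search for PHP start codes or other tags to remove, because nothing outside the allowlist survives as markup. The sketch assumes the saved file is read as data and echoed, never passed to `include` or `require`, which is the only way PHP would execute its contents on the server.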