On Sat, 2008-09-27 at 14:45 +0530, Manoj Singh wrote: > Hi All, > I am developing a web page where i have to display the files list based on > some search criteria and of certain duration. My web server is on linux > operating system. The command i am using for this peropse is: > > find /home/test -mtime -$duration | sort | xargs grep -l "$search_criteria" > > Is any malicious user can use the search criteria to perform some bad > commands in the operating system. > > If it is then please suggest how to prevent it. > > Please help me out. > > Best Regards, > Manoj Kumar Singh It's likely yes, unless you validate the search criteria in any way, you're just asking for trouble. Ash www.ashleysheridan.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
