On 27 Sep 2008, at 10:15, Manoj Singh wrote:
I am developing a web page where i have to display the files list
based on
some search criteria and of certain duration. My web server is on
linux
operating system. The command i am using for this peropse is:
find /home/test -mtime -$duration | sort | xargs grep -l
"$search_criteria"
Is any malicious user can use the search criteria to perform some bad
commands in the operating system.
If it is then please suggest how to prevent it.
http://uk.php.net/escapeshellarg should do what you need.
-Stut
--
http://stut.net/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
