I accept a regex search term posted from a form, but I use $_REQUEST, so a
person could throw the search term on the url if they wanted to.
Am I open to any security breaches ?
$search_term = isset ($_REQUEST ['search']) ? $_REQUEST ['search'] : '';
if ($search_term != "") {
...
$contents = join ("", file($file));
if (preg_match ("/$search_term/i", $contents)) {
}
...
}
Thanks,
--
Richard A. DeVenezia
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
