injection
- Posted by Shawn Pringle Jul 13, 2008
system( ... , int )
Instead of passing a string with system(), a better function should take what would be formatted like the return value of command_line().
shell_execute( { "/bin/rm", file_name } ) illustrative use only
There are all kinds of problems using system( "rm file_name", 0 ). Imagine if the user installs the program under Program Files and this call is for deleting for an uninstall. The system answers that it cannot find the file c:\Programs.
Shawn
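
The difference described in the post above, as an added example in C (not part of the original post and not Euphoria library code): a command string built for system() is split by the shell at the space in the path, while an argument vector reaches the program unchanged. The shell_execute() helper here is a hypothetical stand-in for the function the post proposes, and the temporary directory and file name are constructed for the demo.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical shell_execute(): argv[0] is the program, the rest are its
   arguments. No shell parses them, so spaces and metacharacters stay literal. */
static int shell_execute(char *const argv[]) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execv(argv[0], argv);
        _exit(127);                      /* exec itself failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Constructed scenario: delete a file whose name contains a space.
   Returns 1 if the file is gone afterwards, 0 if it survived, -1 on setup error. */
int demo_delete(int use_vector) {
    char dir[64], path[128], cmd[192];
    snprintf(dir, sizeof dir, "/tmp/inj_demo_%ld", (long)getpid());
    snprintf(path, sizeof path, "%s/Program Files_inj_demo.txt", dir);
    if (mkdir(dir, 0700) != 0) return -1;
    FILE *f = fopen(path, "w");
    if (!f) { rmdir(dir); return -1; }
    fclose(f);

    if (use_vector) {
        char *argv[] = { "/bin/rm", path, NULL };
        shell_execute(argv);             /* rm receives one argument */
    } else {
        /* The shell splits at the space: rm receives two wrong names. */
        snprintf(cmd, sizeof cmd, "rm %s 2>/dev/null", path);
        int rc = system(cmd); (void)rc;
    }
    int gone = access(path, F_OK) != 0;
    unlink(path);                        /* clean up in both cases */
    rmdir(dir);
    return gone;
}

int main(void) {
    printf("system() string removed the file: %d\n", demo_delete(0));
    printf("argument vector removed the file: %d\n", demo_delete(1));
    return 0;
}
```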