injection

new topic     » goto parent     » topic index » view thread      » older message » newer message

system( ... , int )

Instead of passing a string with system() a better function should take what would be formated like the return value of command_line().

shell_execute( { "/bin/rm", file_name } ) illistrative use only

There are all kinds of problems using system( "rm file_name", 0 ). Imagine if the user installs the program under Program Files and this call is for deleting for an uninstall. The system answers as it cannot find the file c:\Programs.

Shawn

new topic     » goto parent     » topic index » view thread      » older message » newer message

Search



Quick Links

User menu

Not signed in.

Misc Menu