How dangerous is eval()?
Yeah, the only thing I am using eval for is JSON, will have to look up the sites with the script injection. I am parsing the data that comes to the eval function before it is eval()ed, so if you think they can still do damage let me know.

The reason I don't see a way they can abuse the current system is that every input is verified, I have a bunch of regex functions which control what people can use in the inputs etc. And the only stuff going from PHP to JSON and through the eval function is either hard-coded messages or variables I am returning from my database. Nothing that is directly related to user input goes through the eval...

The front end of the website doesn't use JSON or eval() at all either, it's only in the content management system which the client logs into. So the client once logged in would have to do the malicious act also, which while itself is very low risk - I still want to make sure some client's employee who is one day getting the sack can't destroy the system.

[quote]And I'll stress that again: don't think -they- can't think of a way to screw you because you can't.[/quote]

That is why I posted here...
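
Added example, not part of the original post: the CMS response handling described above, with the eval() path next to a JSON.parse path that also checks the shape of the result. The function names, the `status`/`message` fields and both sample bodies are constructed for illustration, and a native `JSON.parse` is assumed.

```javascript
// Constructed sample: a well-formed response as the PHP side might emit it.
const okBody = '{"status":"ok","message":"Page saved"}';

// Constructed sample: a value read back from the database was written into
// the response without JSON encoding, so the body is script, not JSON.
// The side effect here is a harmless flag so the difference is observable.
const taintedBody = '{"status":"ok","message":"x"+(globalThis.__ran=true)}';

// The eval() approach: any valid JavaScript expression in the body executes.
function parseWithEval(body) {
  return (0, eval)('(' + body + ')');
}

// Hardened approach: JSON.parse accepts only the JSON grammar (no operators,
// calls or assignments), then the result is checked against the expected shape.
function parseCmsResponse(body) {
  let data;
  try {
    data = JSON.parse(body);
  } catch (e) {
    return { ok: false, error: 'not valid JSON' };
  }
  if (data === null || typeof data !== 'object' || Array.isArray(data)) {
    return { ok: false, error: 'unexpected top-level type' };
  }
  if (typeof data.status !== 'string' || typeof data.message !== 'string') {
    return { ok: false, error: 'missing or mistyped fields' };
  }
  return { ok: true, status: data.status, message: data.message };
}

// Runs both parsers over one body and reports whether embedded code executed.
function compare(body) {
  globalThis.__ran = false;
  let evalResult;
  try { evalResult = parseWithEval(body); } catch (e) { evalResult = null; }
  const ranUnderEval = globalThis.__ran;

  globalThis.__ran = false;
  const strictResult = parseCmsResponse(body);
  const ranUnderParse = globalThis.__ran;

  return { evalResult, ranUnderEval, strictResult, ranUnderParse };
}

console.log(compare(okBody));
console.log(compare(taintedBody));
```

On the PHP side, building the response with `json_encode()` rather than string concatenation keeps database values from changing the structure of the body in the first place.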