Re: php create_function command injection vulnerability



Are you kidding?

As the PHP manual says, "if you use double quotes there will be a need to escape the variable names".

In your example you use a function with double quotes, without escaping the variable $sort_by, so this is not a PHP vulnerability, but a development one.

For this time, don't blame PHP, blame developers.
It's as if I were using mysql_query() without escaping users' inputs... an SQL injection, not a PHP vuln ;)
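The pattern the reply describes, as an added example that is not part of the original post: a double-quoted create_function() body interpolates $sort_by into the function's source, so the request parameter becomes PHP code, while the hardened version never builds code from strings at all. The rows, column names and allow-list are constructed here for illustration; create_function() itself is deprecated since PHP 7.2 and removed in PHP 8.0, so the vulnerable function only runs on older interpreters.

```php
<?php
// Constructed sample data: the kind of rows a page might sort by a
// user-chosen column (e.g. ?sort_by=name).
$rows = [
    ['name' => 'carol', 'email' => 'carol@example.test'],
    ['name' => 'alice', 'email' => 'alice@example.test'],
    ['name' => 'bob',   'email' => 'bob@example.test'],
];

// VULNERABLE (the reply's point): the double-quoted string is the *source*
// of the generated function. \$a and \$b are escaped, but $sort_by is not,
// so its value is pasted into the code before create_function() compiles it.
// Anything the request puts in $sort_by is therefore evaluated as PHP.
function sort_rows_vulnerable(array $rows, string $sort_by): array
{
    $cmp = create_function(
        '$a, $b',
        "return strcmp(\$a['$sort_by'], \$b['$sort_by']);"
    );
    usort($rows, $cmp);
    return $rows;
}

// HARDENED: no code is generated from strings. The column name is checked
// against an allow-list (a constructed one) and the comparison is a closure
// that captures $sort_by as data, not as source text.
function sort_rows_safe(array $rows, string $sort_by): array
{
    $allowed = ['name', 'email'];
    if (!in_array($sort_by, $allowed, true)) {
        throw new InvalidArgumentException('unknown sort column');
    }
    usort($rows, function (array $a, array $b) use ($sort_by): int {
        return strcmp((string) $a[$sort_by], (string) $b[$sort_by]);
    });
    return $rows;
}

// Normal input behaves the same in both versions; only the safe version
// rejects a column name it does not recognise instead of compiling it.
$sorted = sort_rows_safe($rows, 'name');
echo implode(', ', array_column($sorted, 'name')), PHP_EOL; // alice, bob, carol

try {
    sort_rows_safe($rows, "name'] ?? 0; /* not a column */ \$x = \$a['");
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

Reviewing code for create_function() or eval() whose argument is a double-quoted string containing an unescaped variable is the direct check this thread points to; the fix is to pass values into a closure rather than into generated source.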
