Closed Apogate closed 8 years ago
Reiterating my previous comment: News->newsGetFile() is still insecure, but slightly better.
If it's only used by that class, make it private. Was looking at an old commit.
Also, redundant function names. If it's the News class why do function names start with news?
for educational purposes, what about it is still insecure?
I thought if file_get_contents is only permitted to access the two files and the function isn't accessible anywhere else, we'd be set?
It's spooky.
happy halloween
This is a second, more secure attempt at 1b06552df7e449f91c26772127295c3764f6aa1c
@RePod is this SECURE enough for you
It strips PHP opening tags and is hardcoded as to what files newsGetFile() can access.
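
The approach discussed in this thread (a private reader limited to a hardcoded set of files), as an added example that is not the project's code; the file names, the base directory argument and the `render()` method are assumptions. It maps fixed keys to file names instead of accepting a path, checks that the resolved path stays inside the base directory, and treats the content as text that is escaped on output and never executed.

```php
<?php
declare(strict_types=1);

// Added example: hypothetical names and paths, not the project's code.
final class News
{
    // Fixed key => file name map; callers never supply a path.
    private const FILES = [
        'latest'  => 'news.txt',
        'archive' => 'news_archive.txt',
    ];

    private string $baseDir;

    public function __construct(string $baseDir)
    {
        $real = realpath($baseDir);
        if ($real === false || !is_dir($real)) {
            throw new InvalidArgumentException('Base directory not found');
        }
        $this->baseDir = $real . DIRECTORY_SEPARATOR;
    }

    // Private: only this class reads files, and only those listed in FILES.
    private function getFile(string $key): string
    {
        if (!array_key_exists($key, self::FILES)) {
            throw new InvalidArgumentException('Unknown news file');
        }
        // realpath() resolves symlinks, so a link placed in the base
        // directory cannot redirect the read elsewhere.
        $path = realpath($this->baseDir . self::FILES[$key]);
        if ($path === false || strncmp($path, $this->baseDir, strlen($this->baseDir)) !== 0) {
            throw new RuntimeException('News file missing or outside base directory');
        }
        $data = file_get_contents($path);
        if ($data === false) {
            throw new RuntimeException('News file unreadable');
        }
        return $data;
    }

    // The content is treated as text: never include()d or eval()ed,
    // and escaped so markup in the file is not interpreted by the browser.
    public function render(string $key): string
    {
        return htmlspecialchars($this->getFile($key), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}
```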