[pLog-svn] php security scanner
Jon Daley
plogworld at jon.limedaley.com
Tue Jul 4 20:28:03 GMT 2006
Is this eval necessary? Couldn't it just be written something like:
$this->_$key = $parts["$key"];
Is there any advantage using the eval?
(I try to avoid evals and execs for general paranoia)
url.class.php:
function _calculateFields() {
$parts = parse_url( $this->_url );
$keys = Array( "scheme", "host", "port", "user", "pass",
"path", "query", "fragment" );
// this saves us time ;)
foreach( $keys as $key ) {
if (isset($parts[$key])) {
$line = "\$this->_$key = \$parts[\"$key\"];";
eval($line);
}
}
}
More information about the pLog-svn
mailing list