Yesterday we used the 啄木鸟 tool to assess the security of our project and found that there are many security risks, most of them errors on path functions such as dirname, link and so on. I want to ask: in PHP, what is a relatively safe path replacement function or processing method?
Reply content:
Eval is a big problem and needs more rigorous inspection; the rest, of course, cannot be completely ignored either.
However, this check only provides a reference. You can't say that just because it flagged dirname you must not use it; for example, `dirname(__FILE__)` certainly has no security risk, so each specific problem needs its own analysis.
Moreover, this thing doesn't feel reliable. Is it just doing a full-text search for dirname, link, eval? What's the point?
Does your boss still need a code audit? 2333
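As an added example that is not part of the original thread: the sketch below contrasts a path built only from `dirname(__FILE__)` with a request-supplied name that is canonicalized with `realpath()` and checked against a base directory. The function name `resolveUnderBase`, the `config` directory and the temporary demo directory are hypothetical, and the sample inputs are constructed.

```php
<?php
declare(strict_types=1);

// Constant input: derived only from this file's own location, so a keyword
// scanner that flags dirname() here is reporting a false positive.
$configDir = dirname(__FILE__) . DIRECTORY_SEPARATOR . 'config'; // hypothetical directory

/**
 * Resolve a request-supplied relative name under $baseDir (hypothetical helper).
 * Returns the canonical path, or null if it is missing or escapes $baseDir.
 */
function resolveUnderBase(string $baseDir, string $userName): ?string
{
    // Reject NUL bytes before the name reaches any filesystem call.
    if (strpos($userName, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses "." and ".." and follows symlinks; false if missing.
    $candidate = realpath($base . DIRECTORY_SEPARATOR . $userName);
    if ($candidate === false) {
        return null;
    }
    // Compare with a trailing separator so "/base_other" does not match "/base".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($candidate, $prefix, strlen($prefix)) === 0 ? $candidate : null;
}

// Constructed demo: a temporary base directory containing one file.
$demoBase = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'pathdemo_' . getmypid();
@mkdir($demoBase);
$demoFile = $demoBase . DIRECTORY_SEPARATOR . 'report.txt';
file_put_contents($demoFile, 'ok');

// Constructed inputs: two that stay inside the base, one that climbs out, one missing.
foreach (['report.txt', './report.txt', '../../etc/passwd', 'missing.txt'] as $name) {
    $resolved = resolveUnderBase($demoBase, $name);
    printf("%-18s => %s\n", $name, $resolved ?? 'rejected');
}

unlink($demoFile);
rmdir($demoBase);
```

The check only accepts files that already exist, because `realpath()` returns false for a missing target; a path for a file that is about to be created needs its parent directory validated instead.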