Added another major PHP security issue in their example code. #37



I'm on Freenode under Snowman23 or ss23 to discuss if needed


sweet! thx. :)

@paulirish paulirish merged commit bb07661 into paulirish:master
Showing with 10 additions and 0 deletions.
  1. +10 −0 index.html
10 index.html
@@ -1330,6 +1330,16 @@ <h1 id="intervention"><b>W3Schools</b> An Intervention</h1>
attacks and should never have been posted. It contravenes every best practice.
+ <li id="php_file_upload">
+ <a href="#php_file_upload" class="wrap">#</a>
+ <a href="" rel="nofollow" class="w3s-link"></a>
+ <blockquote><pre><code>move_uploaded_file($_FILES["file"]["tmp_name"], "upload/" . $_FILES["file"]["name"]);</code></pre></blockquote>
+ <p>
+ Anyone could upload a file with a name like "../hacked.php", and PHP would happily write it.
+ It is not okay to do no validation on a file upload, this is a massive security risk
+ </p>
+ </li>
<li id="specs">
<a href="#specs" class="wrap">#</a>
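Review bot: The new `<p>` in the `php_file_upload` item says validation is missing but never says what the fix looks like, so a reader who copied the quoted `move_uploaded_file(...)` line has nothing to replace it with. Suggest adding one sentence: the stored filename should be generated on the server, or at minimum passed through `basename()` and checked against an allow-list of extensions, and the upload directory should be configured so that scripts placed in it are never executed. Two smaller points in the same item: the `w3s-link` anchor has `href=""` and no link text, so the entry does not point at the page it quotes, and the final sentence is a comma splice with no closing period ("... on a file upload, this is a massive security risk").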