Skip to content

Security change proposed on forum #1

Merged
merged 1 commit into from Jun 20, 2011

2 participants

@yakatz yakatz commented on the diff Jun 19, 2011
getips.php
+// Old method
+// $xml= simplexml_load_file("http://sixy.ch/feed");
+
+//Doing stuff to get round php new secruty resistions
+//Have long wait for timeout for some reason getting to sixy was slow at time of testing
+$xml = loadXML2("sixy.ch","/feed", 100);
+
+touch($currentdir."ip.csv");
+
+if ($xml && !empty($xml))
+{
+
+foreach($xml->entry as $entry) {
+ $title = base64_encode($entry->title);
+ //getting ip from dig
+ $arip = preg_split("/((?<!\\\|\r)\n)|((?<!\\\)\r\n)/",trim(shell_exec("dig ".escapeshellcmd($entry->title)." AAAA +short")));
@yakatz
yakatz added a note Jun 19, 2011

This is the only line that actually changed. I am not sure why GitHub's diff is not working.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
@tactmaster tactmaster merged commit a2b0ef6 into tactmaster:master Jun 20, 2011
@tactmaster
Owner

yeap not sure what is going on there. maybe charset?

@tactmaster
Owner

Also line 23 need to be changed looking at it
$title = base64_encode($entry->title);
to
$title = base64_encode((escapeshellcmd($entry->title));
as that is used as the host name of tests later

i have updated this in the lataest commit

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.