News Feed
Sections




News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

TheDailyWTF.com:
Client-Side PHP
April 13, 2006 @ 07:03:29

The Daily WTF post for today bears mentioning if for nothing less than to show how to not do things. It has an interesting twist on the whole Ajax craze that's going on in the web today, and takes it to a really scary, pointless level.

The introduction of the XMLHttpRequest component (*) opened the doorway for a new breed of "fancy schmancy" web applications like Flickr, GMail, etc. This, in turn, spawned an entire sub-industry and a new series of buzzwords seemingly based on the names of household cleaning chemicals. It even incremented the current version of the Internet to 2.0.

That said, it should come as no surprise that this Borax-technology has also empowered "certain programmers" to create new perversions in information technology never imagined before. Gustavo Carvalho discovered what happens when XMLHttpRequest and the Eval() function in PHP are combined. I'll leave it to your immagination as to what the server-side looks like ...

You should definitely check out the code on this one - using evil() is bad enough, but passing code back to the PHP server like that is just wrong (and a huge security hole).

1 comment voice your opinion now!
thedailywtf client-side ajax xmlhttprequest eval thedailywtf client-side ajax xmlhttprequest eval


blog comments powered by Disqus

Similar Posts

Zend Developer Zone: Security Tips #10, #11, and #12

php|architect: Writing an AJAX-based Visual Rating System with PHP

PHP-Learn-it.com: Starting with PHP and AJAX

Nik Chankov's Blog: 10 reasons to choose CakePHP as Framework

Zend Developer Zone: Notes from the Web Builder 2.0 Conference


Community Events





Don't see your event here?
Let us know!


threedevsandamaybe opinion release series developer code testing refactor unittest api install language interview list wordpress podcast laravel framework introduction community

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework