News Feed
Sections




News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

TheDailyWTF.com:
Client-Side PHP
April 13, 2006 @ 07:03:29

The Daily WTF post for today bears mentioning if for nothing less than to show how to not do things. It has an interesting twist on the whole Ajax craze that's going on in the web today, and takes it to a really scary, pointless level.

The introduction of the XMLHttpRequest component (*) opened the doorway for a new breed of "fancy schmancy" web applications like Flickr, GMail, etc. This, in turn, spawned an entire sub-industry and a new series of buzzwords seemingly based on the names of household cleaning chemicals. It even incremented the current version of the Internet to 2.0.

That said, it should come as no surprise that this Borax-technology has also empowered "certain programmers" to create new perversions in information technology never imagined before. Gustavo Carvalho discovered what happens when XMLHttpRequest and the Eval() function in PHP are combined. I'll leave it to your immagination as to what the server-side looks like ...

You should definitely check out the code on this one - using evil() is bad enough, but passing code back to the PHP server like that is just wrong (and a huge security hole).

1 comment voice your opinion now!
thedailywtf client-side ajax xmlhttprequest eval thedailywtf client-side ajax xmlhttprequest eval


blog comments powered by Disqus

Similar Posts

DevArticles: Learning AJAX

The Bakery: Advanced Pagination (1.2)

Zend Developer Zone: AJAX Chat Part Tutorial 6 : Updating the User List

Joshua Eichorn's Blog: Adding AJAX to a Website step by step, Part II

Zend Developer Zone: AJAX Chat Tutorial Part 2


Community Events





Don't see your event here?
Let us know!


community wordpress configure framework laravel series podcast threedevsandamaybe developer introduction interview library application code list release language project bugfix api

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework