
TheDailyWTF.com:
Client-Side PHP
Apr 13, 2006 @ 12:03:29

The Daily WTF post for today bears mentioning, if for nothing else than to show how not to do things. It has an interesting twist on the whole Ajax craze that's going on on the web today, and takes it to a really scary, pointless level.

The introduction of the XMLHttpRequest component (*) opened the doorway for a new breed of "fancy schmancy" web applications like Flickr, GMail, etc. This, in turn, spawned an entire sub-industry and a new series of buzzwords seemingly based on the names of household cleaning chemicals. It even incremented the current version of the Internet to 2.0.

That said, it should come as no surprise that this Borax-technology has also empowered "certain programmers" to create new perversions in information technology never imagined before. Gustavo Carvalho discovered what happens when XMLHttpRequest and the Eval() function in PHP are combined. I'll leave it to your imagination as to what the server-side looks like ...

You should definitely check out the code on this one - using evil() is bad enough, but passing code back to the PHP server like that is just wrong (and a huge security hole).
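
As an added illustration (not code from The Daily WTF post, whose server side is not shown on this page), the sketch below shows the safer shape for an XMLHttpRequest endpoint: the browser sends an action name and parameters, and the server dispatches through an allow-list instead of calling eval(). The action names, parameter names and sample requests are hypothetical.

```php
<?php
declare(strict_types=1);
// Anti-pattern the post describes (assumed shape; the real server code is not on this page):
//     eval($_POST['code']);   // the browser decides what PHP runs
// Hardened shape: the browser only names an action; the server owns all code.

/** Hypothetical actions; each one validates its own parameters. */
function actions(): array
{
    return [
        'add' => static function (array $p): int {
            $a = filter_var($p['a'] ?? null, FILTER_VALIDATE_INT);
            $b = filter_var($p['b'] ?? null, FILTER_VALIDATE_INT);
            if ($a === false || $b === false) {
                throw new InvalidArgumentException('a and b must be integers');
            }
            return $a + $b;
        },
        'greet' => static function (array $p): string {
            $name = $p['name'] ?? '';
            if (!is_string($name) || preg_match('/^[\p{L} -]{1,40}$/u', $name) !== 1) {
                throw new InvalidArgumentException('invalid name');
            }
            return 'Hello, ' . $name;
        },
    ];
}

function dispatch(array $request): array
{
    $actions = actions();
    $name = $request['action'] ?? null;
    $params = $request['params'] ?? [];
    // Allow-list lookup: unregistered names are rejected, never interpreted.
    if (!is_string($name) || !array_key_exists($name, $actions) || !is_array($params)) {
        return ['ok' => false, 'error' => 'unknown action or bad params'];
    }
    try {
        return ['ok' => true, 'result' => $actions[$name]($params)];
    } catch (InvalidArgumentException $e) {
        return ['ok' => false, 'error' => $e->getMessage()];
    }
}

// Constructed sample requests, as decoded from an XMLHttpRequest JSON body.
foreach ([['action' => 'add', 'params' => ['a' => '2', 'b' => 3]],
          ['code' => 'echo 1;']] as $request) {
    echo json_encode(dispatch($request)), PHP_EOL;
}
```

The second sample request carries a `code` field and no registered action, so it is rejected without any part of it being interpreted.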

tagged: thedailywtf client-side ajax xmlhttprequest eval
