Commit f41e2253 authored by Clemens John's avatar Clemens John

Check if method exists to prevent execution of arbitrary code

Signed-off-by: Clemens John's avatarClemens John <clemens.john@floh1111.de>
parent d9645874
......@@ -3,17 +3,20 @@
require_once('./lib/api/map.class.php');
class Api {
function __construct() {
if (isset($_GET['class']) AND isset($_GET['section']))
eval($_GET['class']."::".$_GET['section']."();");
elseif(isset($_POST['class']) AND isset($_POST['section']))
eval($_POST['class']."::".$_POST['section']."();");
else
echo "data incomplete";
die();
}
function __construct() {
if (isset($_REQUEST['class']) AND isset($_REQUEST['section'])) {
if(method_exists($_REQUEST['class'], $_REQUEST['section'])) {
eval($_REQUEST['class']."::".$_REQUEST['section']."();");
} else {
echo "Class or section does not exist.";
}
} else {
echo "Data incomplete.";
}
die();
}
}
new api;
new Api;
?>
?>
\ No newline at end of file
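Review bot: The `method_exists()` guard in the new constructor still hands request-controlled strings to `eval()`, so any method of any class that is loaded (or can be autoloaded) stays reachable by the requester, not only the API sections this file is meant to expose. The guard also does not check that both values are strings. Depending on the `request_order` setting, `$_REQUEST` may include cookie data, which would widen the input surface compared with the old `$_GET`/`$_POST` branches. I would compare the class/section pair against a fixed allowlist and dispatch with `call_user_func()`, so that no request text is ever parsed as PHP source. The allowlist entries below are placeholders, since the real class and section names are not visible in this hunk.

```php
function __construct() {
    // Placeholder allowlist: list only the API classes and sections meant to be reachable.
    $allowed = array(
        // 'ClassName' => array('sectionName'),
    );
    if (isset($_REQUEST['class']) AND isset($_REQUEST['section'])
        AND is_string($_REQUEST['class']) AND is_string($_REQUEST['section'])) {
        $class = $_REQUEST['class'];
        $section = $_REQUEST['section'];
        if (isset($allowed[$class]) AND in_array($section, $allowed[$class], true)) {
            // Direct dispatch: the request values are only ever used as lookup keys.
            call_user_func(array($class, $section));
        } else {
            echo "Class or section does not exist.";
        }
    }
    // … unchanged: "Data incomplete." branch and die() …
```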