[nycphp-talk] Dynamically write functions
Flavio daCosta
nyphp at n0p.net
Fri May 13 12:44:40 EDT 2005
On Fri, 2005-05-13 at 11:59 -0400, Frank Wong wrote:
> Thanks for the heads up on extract. But do you see any security issues
> with extract($_GLOBALS)?
Heh, trick question.
In theory it appears fine seeing as the variables were somehow global in
the first place, you are just bringing them into a function.
However:
Many times exploits are not just one obvious blaring problem, but a
series of ~questionable~ issues coupled together. In general, I just
consider extract() to be one of those questionable functions.
You said:
> I find myself going into every function to add 'global $bar1;'
But aren't you in the functions anyway actually utilizing the _new_
global variable? I don't understand why you would need them in _every_
function if you aren't actually in the function coding to them...
Flavio
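
Added example, not part of the original post: a sketch of why extract() on the global table is one of the "questionable" pieces, shown beside two narrower alternatives. The variable $is_admin, the function names and the sample values are constructed for illustration; $bar1 is the name used in the thread.

```php
<?php
// Constructed sample globals. $is_admin stands for any global that happens
// to share a name with a local the function depends on.
$is_admin = true;            // set somewhere else in the application
$bar1     = 'shared value';  // the one global the function actually needs

// Pattern from the thread: pull every global into the function's scope.
function check_with_extract(): bool
{
    $is_admin = false;       // local default the function relies on
    $globals  = $GLOBALS;    // work on a copy so no reference to $GLOBALS is needed
    extract($globals);       // default flag is EXTR_OVERWRITE: the local is replaced
    return $is_admin;        // now carries the global's value, not the default
}

// EXTR_SKIP leaves existing locals alone, but every other global is still
// imported, so any local assigned after this call can be pre-seeded.
function check_with_skip(): bool
{
    $is_admin = false;
    $globals  = $GLOBALS;
    extract($globals, EXTR_SKIP);
    return $is_admin;        // local default survives
}

// Explicit import: only the named global enters the function's scope.
function check_with_global(): array
{
    global $bar1;
    $is_admin = false;
    return [$is_admin, $bar1];
}

var_dump(check_with_extract());
var_dump(check_with_skip());
var_dump(check_with_global());
```

The first call returns the global's value because the local default was overwritten; the other two keep the local default, and only the last one limits what enters the scope to the names listed.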