PHP bug or what?

i made a slight mistake on my PHP code this afternoon and some weird thing happened. just to make sure that this was not some random error, i repeated this several times using both my root and regular users to run the program. the same thing came out.

here are the few lines that caused this:

$source=$_FILES[‘$fsource’][‘$name’]; // this is the line where i made the mistake.

simple breakdown on the code:

  • $source is just a pointer to the file w/c gets uploaded. this file is a tar-bzipped archive.
  • the function extractExports($source) is my wrapper to a PEAR class. File_Archive to be exact.
  • the process then extracts the archive into a folder.

the error:

  • $_FILES[‘$fsource’][‘$name’] is obviously wrong.
  • [‘$fsource’] and [‘$name’] should’ve been [‘source’] and [‘name’] instead.

what came out:

…… (*.rules) <– a lot of udev rules for devices
… udev.conf
… fstab
… group
… mtab
… passwd

maybe i should report this ASAP to has anyone ever encountered anything like this? this might be an exploit or something.

Similar Posts:

Notice: This article was published on August 17, 2006 and the content above may be out of date.