Skip to content

Instantly share code, notes, and snippets.

@ts0818
Created November 5, 2015 08:07
Show Gist options
  • Save ts0818/34db844ef89dcdb412f6 to your computer and use it in GitHub Desktop.
Save ts0818/34db844ef89dcdb412f6 to your computer and use it in GitHub Desktop.
パーフェクトPHP eval攻撃対応方法 
<?php
$string = 'こたんたにたちたわた、世界!';
// 入力された文字列が$string変数に含まれている場合だけ処理を行う
if (strpos($string, $_GET['keyword']) !== false) {
eval("echo htmlspecialchars(str_replace('".$_GET['keyword'].
"','', '".$string."'), ENT_QUOTES, 'UTF-8');");
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment