[TYPO3-core] RFC #9474: Integrate OpenID authentication support to TYPO3
Steffen Kamper
info at sk-typo3.de
Sun Oct 5 09:00:25 CEST 2008
Hi,
"Dmitry Dulepov" <dmitry at typo3.org> schrieb im Newsbeitrag
news:mailman.1.1223185141.7287.typo3-team-core at lists.netfielders.de...
> Hi!
>
> Steffen Kamper wrote:
> > imho it doesn't work on windows as /dev isn't the same as c:/dev/
>
> Yes, it is. PHP allows any path separator and omitting drive part means
"current drive". This is often used as attack attempt on MS IIS. Something
like:
http://windowshost.com/script.asp?param=/windows/system32/cmd.exe%20-C%20echo%Y%20|%20del%20/*.*
>
ah ok, didn't knew that.
So if (is_readable('/dev/random') also work on windows, and no change is
needed, right?
vg Steffen
More information about the TYPO3-team-core
mailing list