Yes, but the code is simple. Secondly, all you need is a bit of 'magic' in the 'find' text box that the code looks for. If it exists then strip the 'magic' and proceed - if not, exit; Also, as I keep reiterating, this is a private page, on my own server, using my own code, with a hidden page that only I know ~ there really is no danger, Will Robinson'. I am not stupid. Nick
| [reply] [Watch: Dir/Any] |
Yes, but the code is simple. Secondly, all you need is a bit of 'magic' in the 'find' text box that the code looks for. If it exists then strip the 'magic' and proceed - if not, exit;
Also, as I keep reiterating, this is a private page, on my own server, using my own code, with a hidden page that only I know ~ there really is no danger, Will Robinson'. I am not stupid. Its your choice if you want to use string eval, there is nothing to debate there, no need to justify your choice, you made the choice its yours
but calling it "safe" or not-dangerous is dishonest stupid
| [reply] [Watch: Dir/Any] |
but calling it "safe" or not-dangerous is dishonest stupid" OK, lets put the paranoid to rest. It's my own server run from home. It's my own code. Only I know the page address. I run an HTTPS apache server latest stable build. I have configured apache to kill CGI scripts that run longer than 8 seconds. I now have a certain 'magic' that needs to be met to let the page process the perl script. It is only me that uses it. If that is stupid, then I am thick, not Nick
| [reply] [Watch: Dir/Any] |