| HN Mirror

Y	Hacker News new \| ask \| show \| jobs

by tyingq 1930 days ago

Looks like a neat hack, but it also looks like it has path traversal issues, so be careful with it.

  $url = $request->url;
  $path = $this->rootDir.$url;
  $env = [ ... "SCRIPT_FILENAME" => $path,...]
  $process = proc_open('php-cgi', $descriptorspec, $pipes, $cwd, $env);