Y
Hacker News
new
|
ask
|
show
|
jobs
by
4mnt
4371 days ago
I'm pretty sure $login can be set to true/false somewhere on top of the file as 'configuration'. Only it gets overwritten by the call to extract().
It was not meant to be user input
1 comments
p4bl0
4371 days ago
I feel stupid. Of course, you are right.
link
heydenberk
4371 days ago
Don't feel stupid. This is difficult to reason about, hence the existence of the bug and the inadvisability of PHP's `extract` function.
link