
129 points surprisetalk | 2 comments
1. Kostarrr No.44454471
Ok now I want to know. Does Max's PHP code have security issues? Because especially in early straightforward PHP, those were all over the place. I vaguely remember PHP3 just injected query variables into your variables? But as $_GET is mentioned, this is probably at least not the case...
replies(2): >>44454573 #>>44454668 #
2. Retr0id No.44454573
Both versions have security issues if you're sufficiently paranoid, because they shell out to exiftool on untrusted input files without any sandboxing. Exiftool has had RCE flaws in the past, and will likely have them again.

But for a service with 1 user, it's fine.
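
One way to add the sandboxing the comment above says is missing, as an added example that is not code from the thread or from the project it discusses. It assumes PHP 7.4+ on a merged-/usr Linux host with `bwrap` (bubblewrap), `timeout` and `exiftool` installed under `/usr/bin`; the function name is hypothetical.

```php
<?php
declare(strict_types=1);

// Added example. Assumed: merged-/usr Linux; bwrap, timeout, exiftool in /usr/bin.
// exiftool_sandboxed() is a hypothetical helper name.
function exiftool_sandboxed(string $path, int $seconds = 10, int $maxBytes = 1048576): array
{
    $real = realpath($path);
    if ($real === false || !is_file($real)) {
        throw new InvalidArgumentException('not a regular file');
    }
    // argv array (PHP 7.4+): no shell is involved, so nothing to quote or escape.
    $cmd = [
        '/usr/bin/timeout', '--kill-after=2', (string) $seconds,
        '/usr/bin/bwrap',
        '--unshare-all',                  // fresh namespaces, including no network
        '--die-with-parent',
        '--new-session',                  // detach from the controlling terminal
        '--ro-bind', '/usr', '/usr',      // read-only system files, nothing else
        '--symlink', 'usr/bin', '/bin',
        '--symlink', 'usr/lib', '/lib',
        '--symlink', 'usr/lib64', '/lib64',
        '--proc', '/proc',
        '--dev', '/dev',
        '--tmpfs', '/tmp',                // scratch space, discarded on exit
        '--chdir', '/tmp',
        '--ro-bind', $real, '/input',     // fixed name: exiftool never sees the original file name
        '/usr/bin/exiftool', '-json', '/input',
    ];
    $spec = [
        0 => ['file', '/dev/null', 'r'],
        1 => ['pipe', 'w'],
        2 => ['file', '/dev/null', 'w'],
    ];
    $proc = proc_open($cmd, $spec, $pipes, null, ['PATH' => '/usr/bin']);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start sandbox');
    }
    $out = stream_get_contents($pipes[1], $maxBytes);   // cap how much output we buffer
    fclose($pipes[1]);
    $status = proc_close($proc);
    if ($status !== 0) {                                // 124 means the timeout fired
        throw new RuntimeException("exiftool failed or timed out (exit $status)");
    }
    // Tag values are attacker-controlled strings: escape them before any HTML output.
    $rows = json_decode($out, true, 16, JSON_THROW_ON_ERROR);
    return $rows[0] ?? [];
}
```

The sandbox narrows what a parser bug in exiftool can reach (no network, no writable host paths, no web-root files); it does not replace keeping exiftool patched.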