Scary Code Department

What could possibly go wrong with this snippet of PHP code from a
web-based CMS? Ignore the lack of error checking...

function publish_page($ID) {
        $page = $this->render($ID);
        $path = $this->div_path($page[1]);
        $file = $path.$page[2];
        # Write file
        $handle = fopen($file, "w");
        fwrite($handle, $page[0]);
        fclose($handle);
        chmod($file, 0666);
        $user = $this->auth->user;
        $this->db->q("update pages set published=now(), user='$user' where id='$ID'");
        return "$page[3] published...<br>";
}

Yup, it's a well-behaved CMS that publishes your files and makes
them world-writable.
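
One way to write the published file without leaving it world-writable, as an added example that is not the CMS's own code. publish_file() is a hypothetical helper name, and the example assumes the web server only needs read access to the published file:

```php
<?php
// Added example (not the CMS's code). publish_file() is a hypothetical name.

function publish_file(string $file, string $contents): void
{
    $dir = dirname($file);

    // Temp file in the target directory, so rename() never crosses filesystems.
    // tempnam() creates it with mode 0600 and silently falls back to the
    // system temp dir if $dir is unusable, so verify where it landed.
    $tmp = tempnam($dir, '.pub');
    if ($tmp === false || realpath(dirname($tmp)) !== realpath($dir)) {
        if ($tmp !== false) {
            unlink($tmp);
        }
        throw new RuntimeException("cannot create temp file in $dir");
    }

    try {
        if (file_put_contents($tmp, $contents) !== strlen($contents)) {
            throw new RuntimeException("short write to $tmp");
        }
        // Owner read/write, everyone else read-only: no 0666.
        if (!chmod($tmp, 0644)) {
            throw new RuntimeException("chmod failed on $tmp");
        }
        // Atomic replace: readers see the old page or the new one, never half.
        if (!rename($tmp, $file)) {
            throw new RuntimeException("cannot move $tmp to $file");
        }
    } catch (Throwable $e) {
        @unlink($tmp);
        throw $e;
    }
}

// Constructed demo: publish into a scratch directory and inspect the mode.
$root = sys_get_temp_dir() . '/publish_demo_' . getmypid();
mkdir($root, 0755);
$target = "$root/index.html";
publish_file($target, "<h1>constructed sample page</h1>\n");

clearstatcache();
$mode = fileperms($target) & 0777;
printf("%s mode %04o, world-writable: %s\n", $target, $mode, ($mode & 0002) ? 'yes' : 'no');

unlink($target);
rmdir($root);
```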
Original URL: gopher://sdf.org/0/users/slugmax/phlog_archives/badcode