Quote:
|
Originally Posted by denisdekat09
SecFilterSelective "THE_REQUEST" "(system|exec|passthru|popen|shell_exec|proc_open|fopen|fwrite)\s*\("
|
I've seen that rule a lot also, but it doesn't work exactly like you would expect, because \s* is not recognized properly.
\s*\( should mean 0 or more whitespace characters followed by a (.
While this rule blocks system(..), it does NOT block system (..).
At least not when I tried it.
Using [[:space:]]* is what worked for me.
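
An added example, not part of the original post: a small C harness that runs both spellings of the rule through the platform's POSIX extended regex library (`regcomp`/`regexec`) against constructed request lines, so the whitespace handling can be checked before a rule is deployed. It assumes the filter engine uses a POSIX-style regex library, which the post does not state; the `\s` column depends on that library, while `[[:space:]]` is defined by POSIX.

```c
#include <regex.h>
#include <stdio.h>

/* The function list from the quoted rule, with the two whitespace spellings. */
#define FUNCS "(system|exec|passthru|popen|shell_exec|proc_open|fopen|fwrite)"
const char *RULE_BACKSLASH_S = FUNCS "\\s*\\(";
const char *RULE_POSIX_CLASS = FUNCS "[[:space:]]*\\(";

/* Constructed request lines, shown as they look after URL decoding. */
const char *SAMPLES[] = {
    "GET /index.php?c=system(..) HTTP/1.0",
    "GET /index.php?c=system (..) HTTP/1.0",
    "GET /index.php?c=system\t(..) HTTP/1.0",
    "GET /docs/filesystem.html HTTP/1.0", /* benign: no call syntax */
};
enum { NSAMPLES = sizeof SAMPLES / sizeof SAMPLES[0] };

/* 1 = match, 0 = no match, -1 = pattern rejected by this regex library. */
int ere_match(const char *pattern, const char *text) {
    regex_t re;
    if (regcomp(&re, pattern, REG_EXTENDED | REG_NOSUB) != 0)
        return -1;
    int rc = regexec(&re, text, 0, NULL, 0);
    regfree(&re);
    return rc == 0;
}

int main(void) {
    /* One row per sample: result for the \s* rule, then for [[:space:]]*. */
    printf("%-8s %-10s request\n", "\\s*", "[:space:]");
    for (int i = 0; i < NSAMPLES; i++)
        printf("%-8d %-10d %s\n",
               ere_match(RULE_BACKSLASH_S, SAMPLES[i]),
               ere_match(RULE_POSIX_CLASS, SAMPLES[i]), SAMPLES[i]);
    return 0;
}
```

A 0 or -1 in the first column on the `system (..)` row means the library does not treat `\s` as whitespace, which is the behaviour the post describes.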