Scary Code Department

What could possibly go wrong with this snippet of PHP code from a
web-based CMS? Ignore the lack of error checking...

function publish_page($ID) {
       $page = $this->render($ID);
       $path = $this->div_path($page[1]);
       $file = $path.$page[2];
       # Write file
       $handle = fopen($file, "w");
       fwrite($handle, $page[0]);
       fclose($handle);
       chmod($file, 0666);
       $user = $this->auth->user;
       $this->db->q("update pages set published=now(), user='$user' where id='$ID'");
       return "$page[3] published...<br>";
}

Yup, it's a well-behaved CMS that publishes your files and makes
them world-writable.

You are viewing proxied material from sdf.org. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.