Can someone execute a PHP function that is in my library but is not called on the page being viewed?
Let's say I have a php file, test.php with 2 functions: test1() and test2().
Say I have an external php file, index.php, with include(test.php) in its code. If the index.php file has a reference to test1() but not test2(), is there any way that someone would be able to execute test2() by doing something malicious while using the index.php file?
The only way they could execute arbitrary code is through a code injection vulnerability.
Here's an oversimplified example:
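```php
<?php
// Deliberately vulnerable: the function name is taken straight from the request
$runthis = $_GET["runthis"];
// Calls whatever function the request named
$runthis();
```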
So an attacker could invoke your script as http://example.com/index.php?runthis=test2 and then it would run your test2() function.
Read more about code injection at the Wikipedia article I linked to above, or at the OWASP site.
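A hardened counterpart to the snippet in the answer above, as an added example that is not part of the original answer: the request value is used only as a key into a fixed allowlist, so test2() stays unreachable even though the included file defines it. dispatch() and ALLOWED_ACTIONS are hypothetical names, test1()/test2() stand in for the asker's functions, and the sample inputs are constructed.

```php
<?php
// Added example (not the answerer's code). Stand-ins for the functions in test.php.
function test1(): string { return "test1 ran"; }
function test2(): string { return "test2 ran"; } // defined, but never meant to be reachable

// Public action name => function the page intends to expose.
// test2 is absent on purpose; being defined does not make it callable from a request.
const ALLOWED_ACTIONS = [
    'test1' => 'test1',
];

// Hypothetical helper: resolve untrusted input to a function through the allowlist only.
function dispatch($requested): string
{
    // Query parameters can arrive as arrays (?runthis[]=...), and PHP also
    // treats some arrays as callables, so anything that is not a string is refused.
    if (!is_string($requested)) {
        return "rejected: not a string";
    }
    // Exact, case-sensitive key match. PHP function names are case-insensitive,
    // so comparing against the key keeps variants like "TEST1" out as well.
    if (!array_key_exists($requested, ALLOWED_ACTIONS)) {
        return "rejected: unknown action";
    }
    // The callable comes from the trusted table, never from the request itself.
    $fn = ALLOWED_ACTIONS[$requested];
    return $fn();
}

// Constructed sample values standing in for $_GET["runthis"].
$samples = ['test1', 'test2', 'phpinfo', 'TEST1', ['test1'], null];
foreach ($samples as $input) {
    printf("%-10s => %s\n", json_encode($input), dispatch($input));
}
```

Run from the command line with `php`, only the `test1` input reaches a function; every other sample is rejected before any call is made.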
When you say "using", do you mean like an end user in their browser? No, they can't run arbitrary code.