This chapter discusses the risks associated with the use of files and shell commands. PHP has a rich collection of filesystem functions, as well as a few different options for issuing shell commands. In this chapter, I highlight the most common mistakes that developers tend to make regarding the use of these features.
In general, the risks associated with these features resemble many of the risks already covered in this book: using tainted data can have disastrous side effects. Although the vulnerabilities themselves are unique, the practices that you can use to protect your applications are practices that you have already learned.