From e39023e6fd0dbb206c71bc79dda2e83102dba924 Mon Sep 17 00:00:00 2001
From: mxmehl
Date: Fri, 10 Jul 2015 14:12:31 +0300
Subject: [PATCH] more password anti-disclosure
---
 file.txt | 1 +
 submit.php | 1 -
 2 files changed, 1 insertion(+), 1 deletion(-)
 create mode 100644 file.txt
diff --git a/file.txt b/file.txt
new file mode 100644
index 0000000..5be4842
--- /dev/null
+++ b/file.txt
@@ -0,0 +1 @@
+password ' ls -R
diff --git a/submit.php b/submit.php
index f8cb516..60b08bf 100644
--- a/submit.php
+++ b/submit.php
@@ -23,7 +23,6 @@ $SURE = $_POST['sure'];
 // Sanitize variables
 $ACTION = escapeshellarg($ACTION);
 $USER = escapeshellarg($USER);
-$PASS = escapeshellarg($PASS);
 $RAND = mt_rand(100000, 999999);
 $PASSFILE = $RAND . '.pass';
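Review bot: file.txt looks like a scratch test input, not part of the application: its single line is a password string containing a single quote followed by a shell command, and nothing in the visible submit.php hunk reads it. If it is meant as a regression case for the quoting change, it belongs under a test directory with a descriptive name and a one-line explanation of what it exercises. Otherwise it should be dropped from the commit, since it sits next to submit.php and would presumably be served as a static file.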
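Review bot: With `$PASS = escapeshellarg($PASS);` removed, `$PASS` is the only value in the "Sanitize variables" block left raw, so the change is safe only if no later line interpolates it into a shell command; the rest of submit.php is outside this hunk, so that needs confirming. Presumably the password is now written to `$PASSFILE` instead. If so, a comment such as `// $PASS is deliberately not shell-escaped: it is only written to $PASSFILE, never placed on a command line` would stop a later edit from reintroducing the injection path. The file name comes from `mt_rand(100000, 999999)`, which is guessable and can collide between concurrent requests, and `$RAND . '.pass'` is a relative path that may resolve inside the web root. `$PASSFILE = tempnam(sys_get_temp_dir(), 'pass');` would create a unique, owner-only file in the system temp directory, provided nothing downstream depends on the `.pass` suffix.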