TIL java allows null bytes in the middle of a string, doesn't display with print obviously, but BOOOM if you try to use them to save a file
"poison null byte", was a nice trick for breaking PHP scripts for quite a while until they fixed it
-
-
well, at least PHP fixed it for the most important APIs. I don't think they fixed it everywhere.
- End of conversation
New conversation -
-
-
yeah this fix hitting java was a major security fix. Iirc, null bytes are invalid in any strs passed to the C layer
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.