On 23/03/2011 16:45, Gary Kline wrote:
Guys,
Can any of you php hackers tell me why this simple self-hacked
counter bomb?
appended.
tia.
$file doesn't look to be set anywhere
if its a web script ( as opposed to cmd line cli) tyhen its probably
passed as a POST or GET variable.,
register_globals needs to be on for this variable to be auto set,
if the form is submitted via POST, change script to:
$directory="./countdir/";
$file=$_POST['file'];
....
if the form is submitted via GET (you'd see the file=variable in the address
bar), change script to:
$directory="./countdir/";
$file=$_GET['file'];
....
Of course you want to sanitise this $file variable so that it can't be hacked.
--
-------------------------
Paul Macdonald
IFDNRG Ltd
Web and video hosting
-------------------------
t: 0131 5548070
m: 07534206249
e: p...@ifdnrg.com
w: http://www.ifdnrg.com
-------------------------
IFDNRG
40 Maritime Street
Edinburgh
EH6 6SA
-------------------------
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
