'Twas brillig, and GeorgeNLog at 20/02/09 09:14 did gyre and gimble:
> On the other hand, I'm reading about LFI but don't understand where to fit this
> into a situation where a user can set the script path. Could you explain a
> real scenario where the user provides this (the script path where he wants
> to go)?

There was an example on the original link:
http://framework.zend.com/manual/en/zend.view.migration.html
It's only when you pass unchecked user input directly into render() that
there is a problem. If your app never does this, then you can safely
disable LFI protection.
Col
--
Colin Guthrie
gmane(at)colin.guthr.ie
http://colin.guthr.ie/
Day Job:
Tribalogic Limited [http://www.tribalogic.net/]
Open Source:
Mandriva Linux Contributor [http://www.mandriva.com/]
PulseAudio Hacker [http://www.pulseaudio.org/]
Trac Hacker [http://trac.edgewall.org/]
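
The situation described in the reply above, as an added example that is not part of the original thread: a request parameter is mapped to a view script through an allow-list instead of being handed to `render()` directly. `pickViewScript()`, `hasParentTraversal()` and the page names are hypothetical, the traversal check is an approximation rather than Zend's own code, and the script runs without loading Zend Framework; in a real action the returned name is what would be passed to `$view->render()`.

```php
<?php
// Added example (not Zend Framework code). It runs stand-alone with the PHP CLI.

// Constructed allow-list: public page key => view script under the script path.
const PAGE_SCRIPTS = [
    'home'    => 'pages/home.phtml',
    'about'   => 'pages/about.phtml',
    'contact' => 'pages/contact.phtml',
];

/**
 * Map an untrusted request value to a known view script name.
 * This replaces the risky pattern: $view->render($_GET['page']);
 */
function pickViewScript($requested, array $allowed, string $default = 'home'): string
{
    // Non-strings (e.g. ?page[]=x) and unknown keys fall back to the default.
    if (!is_string($requested) || !array_key_exists($requested, $allowed)) {
        return $allowed[$default];
    }
    return $allowed[$requested];
}

/**
 * Approximation of a parent-directory traversal check ("../" or "..\").
 * Shown only to compare it with the allow-list.
 */
function hasParentTraversal(string $name): bool
{
    return preg_match('#\.\.[\\\\/]#', $name) === 1;
}

// Constructed sample inputs, as they might arrive in $_GET['page'].
$samples = ['about', '../../secret.txt', 'pages/admin.phtml', ['x'], null];

foreach ($samples as $input) {
    $label     = json_encode($input, JSON_UNESCAPED_SLASHES);
    $traversal = is_string($input) && hasParentTraversal($input) ? 'yes' : 'no';
    $script    = pickViewScript($input, PAGE_SCRIPTS);
    printf("%-22s traversal=%-3s render => %s\n", $label, $traversal, $script);
}
```

The `pages/admin.phtml` sample contains no `../`, so a traversal check alone would let it through; the allow-list still falls back to the default script.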