Hello, On Wed, Apr 11, 2012 at 4:42 PM, Yasuo Ohgaki <yohg...@ohgaki.net> wrote: > > Making sure how it behaves. > include $_GET['filename']; > gave free pass to system, right? > > Regards, >
Why on earth do you insist on continually posting that horrid snippet of code lol? I can't help but to laugh and suspect that at this point you are trolling.. In case you are being serious, "include $_GET['filename'];" is _HORRIBLE_. It's _WRONG_. No one should do it. _EVER_. For any reason. If a developer is wise enough to use your corner case proposed fix to circumvent the "attack type" (aka developer negligence), he is wise enough to come up with a CORRECT solution. -Chris -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
