ID: 15852 Updated by: [EMAIL PROTECTED] Reported By: [EMAIL PROTECTED] -Status: Open +Status: Bogus Bug Type: Directory function related Operating System: Win2K PHP Version: 4.1.2 New Comment:
The bug system is not the appropriate forum for asking support questions. For a list of a range of more appropriate places to ask for help using PHP, please visit http://www.php.net/support.php Previous Comments: ------------------------------------------------------------------------ [2002-03-03 20:54:45] [EMAIL PROTECTED] A client has posted us the following code, after being able to view to complete filesystem on a Windows 2000 server we resell space on: ---------------------------------------------------- <? // get directory handle $hook = dir("c:winnt"); // display location echo "<b>Current path is $hook->path</b><br>"; // read directory and echo list while ($file=$hook->read()) { if ($file != "." && $file != "..") { echo "$file<br>"; } } // close directory $hook->close(); ?> ---------------------------------------------------- Is there anyway to protect against this, and does it represent a security flaw? Thanks Gary ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=15852&edit=1
