From: [EMAIL PROTECTED] Operating system: Linux PHP version: 4.2.2 PHP Bug Type: Output Control Bug description: Viewing files on disk
Just to know if it correc to see /etc/passwd for example, I did a simple script like this. pag1.html -------------------------------- <html> <body> <p>:-D</p> <form action="ensena.php" method="POST"> <input type="text" name="file"><input type="submit"> </form> </body> </html> ---------------------------------- ensena.php ---------------------------------- <? $archivo = $_POST['file']; readfile($archivo); ?> ---------------------------------- so you can put "/etc/passwd" and the it is showed, just wanna know if this is correct.. Regards. -- Edit bug report at http://bugs.php.net/?id=21811&edit=1 -- Try a CVS snapshot: http://bugs.php.net/fix.php?id=21811&r=trysnapshot Fixed in CVS: http://bugs.php.net/fix.php?id=21811&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=21811&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=21811&r=needtrace Try newer version: http://bugs.php.net/fix.php?id=21811&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=21811&r=support Expected behavior: http://bugs.php.net/fix.php?id=21811&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=21811&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=21811&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=21811&r=globals PHP 3 support discontinued: http://bugs.php.net/fix.php?id=21811&r=php3 Daylight Savings: http://bugs.php.net/fix.php?id=21811&r=dst IIS Stability: http://bugs.php.net/fix.php?id=21811&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=21811&r=gnused
