Brian or anyone,
Ok, supposing I don't want someone to be able to use <script language="php"> and I'm the paranoid sysadmin, (WebCT system see open source moodle.org). What advice would you give me? Students are allowed to upload files to my server through a special ftp account. Already, they can't upload files with *.pl, *.php or *.asp etc. But I need to enable php in *.htm files for myself.
But I'm talking about PHP here. Students on a WbCT system. They cannot, however, upload files, even htm, if there is <?php or <? or ?> in them. What other hacks might I think of and code for?
Wouldn't it be a WHOLE lot smarter to just disable/enable PHP for specific sites/folders, etc? What web server are you using?
-- ---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
php|architect: The Magazine for PHP Professionals – www.phparch.com
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
