From: "Toby Irmer" <[EMAIL PROTECTED]>
> file: show.php
>
> <?
> header("Content-type: image/jpeg");
> readfile("/path/to/file/".$_GET["filename"]);
> ?>
>
>
> in your files:
>
> <img src="show.php?filename=myfile.jpg" ...>
>
> or something like that ;)
Are you trying to get him to compromise his server? I'm sure that's just a
simple suggestion, but it's horrible. This will allow a user to request the
contents of any file PHP has access to read...
---John Holmes...
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
