"Aaron Todd" [EMAIL PROTECTED]> wrote in message > > $file = "/home/dlr/test/".$_GET['file']."";
> Why would this be a security hole if I do not filter the file > name before I use it? http://www.yourdomain.com/yourfile.php?file=../../path/to/any/file/on/machine ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php