Ronald Wiplinger wrote:
Stut wrote:
Philip Thompson wrote:
I've run into similar problems where I *thought* I was looking in the
correct location... but I wasn't. Take this for example....
<?php // index.php?page=hello/hi
$page = $_GET['page'];
if (file_exists ("$page.php")) {
include ("$page.php");
}
?>
I really hope this is not a piece of production code. If it is then
you might want to think very hard about what it's doing. If you still
can't see a problem let me know!
Ok, I let you know! I don't see it!
I tried the full path like:
if (file_exists('/srv/www/xxxx/dddd/htdocs/images/pic412.jpg')) {
echo "<IMG SRC='images/pic412.jpg'>";
} else {
echo " " // display space to make a table happy
if picture is missing!
}
I also tried it with that line:
if (file_exists('/images/pic412.jpg')) {
or that line:
if (file_exists('images/pic412.jpg')) {
Basically I just want to avoid to show a "missing picture" ! If there is
another solution for that problem I am happy too.
bye
Ronald
I believe Stut was referring to the RFI vulnerability in that example
not your ability to see the problem. Go to the web page that you're
having the issue with and look at the page source
from the browser. Find the img tag and see what is src="" and try to
goto that file in your browser. Also can you use a pastebin and post
your code and give his the url to the site in
question?
William Betts
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
