On Wed, 4 Jul 2001, Steve Werby wrote:

> "Jon Haworth" <[EMAIL PROTECTED]> wrote:
> > Yes, I would have thought this would do it:
> >
> > if (strstr($file, "/usr/local/apache/htdocs/") {
> > show_source($file);
> Something along those lines will work.  Without some kind of limitations
> built in, the page will be able to load any file that's world-readable so
> it's a good idea to limit access to certain directories or hardcode the
> directory you want to give access to.

    Imagine someone passing in
    /usr/local/apache/htdocs/../../../../etc/passwd as path..

    - Sascha                                     Experience IRCG
      http://schumann.cx/                http://schumann.cx/ircg

PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to