On Wed, 4 Jul 2001, Steve Werby wrote: > "Jon Haworth" <[EMAIL PROTECTED]> wrote: > > Yes, I would have thought this would do it: > > > > if (strstr($file, "/usr/local/apache/htdocs/") { > > show_source($file); [..] > Something along those lines will work. Without some kind of limitations > built in, the page will be able to load any file that's world-readable so > it's a good idea to limit access to certain directories or hardcode the > directory you want to give access to. Imagine someone passing in /usr/local/apache/htdocs/../../../../etc/passwd as path.. - Sascha Experience IRCG http://schumann.cx/ http://schumann.cx/ircg -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
- RE: [PHP] Security of PHP code Richard Heyes
- RE: [PHP] Security of PHP code Hankley, Chip
- Re: [PHP] Security of PHP code Delbono
- Re: [PHP] Security of PHP code Phil Driscoll
- Re: [PHP] Security of PHP code Christopher Ostmo
- RE: [PHP] Security of PHP code Matt Williams
- Re: [PHP] Security of PHP code Tyrone Mills
- Re: [PHP] Security of PHP code Arcady Genkin
- RE: [PHP] Security of PHP code Jon Haworth
- Re: [PHP] Security of PHP code Steve Werby
- Re: [PHP] Security of PHP code Sascha Schumann
- Re: [PHP] Security of PHP code Delbono
- Re: [PHP] Security of PHP code Steve Werby
- Re: [PHP] Security of PHP code Ryan
- RE: [PHP] Security of PHP code Brian White
- Re: [PHP] Security of PHP code james
- Re: [PHP] Security of PHP code Tiger Quimpo
- [PHP] Suggest Table Structure kachaloo
- Re: [PHP] Suggest Table Structure Mauricio T?llez Jim?nez
- RE: [PHP] Security of PHP code Adrian Ciutureanu
- RE: [PHP] Security of PHP code Christopher Ostmo