On Wed, 4 Jul 2001, Steve Werby wrote:
> "Jon Haworth" <[EMAIL PROTECTED]> wrote:
> > Yes, I would have thought this would do it:
> >
> > if (strstr($file, "/usr/local/apache/htdocs/") {
> > show_source($file);
[..]
> Something along those lines will work. Without some kind of limitations
> built in, the page will be able to load any file that's world-readable so
> it's a good idea to limit access to certain directories or hardcode the
> directory you want to give access to.
Imagine someone passing in
/usr/local/apache/htdocs/../../../../etc/passwd as path..
- Sascha Experience IRCG
http://schumann.cx/ http://schumann.cx/ircg
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
- RE: [PHP] Security of PHP code Richard Heyes
- RE: [PHP] Security of PHP code Hankley, Chip
- Re: [PHP] Security of PHP code Delbono
- Re: [PHP] Security of PHP code Phil Driscoll
- Re: [PHP] Security of PHP code Christopher Ostmo
- RE: [PHP] Security of PHP code Matt Williams
- Re: [PHP] Security of PHP code Tyrone Mills
- Re: [PHP] Security of PHP code Arcady Genkin
- RE: [PHP] Security of PHP code Jon Haworth
- Re: [PHP] Security of PHP code Steve Werby
- Re: [PHP] Security of PHP code Sascha Schumann
- Re: [PHP] Security of PHP code Delbono
- Re: [PHP] Security of PHP code Steve Werby
- Re: [PHP] Security of PHP code Ryan
- RE: [PHP] Security of PHP code Brian White
- Re: [PHP] Security of PHP code james
- Re: [PHP] Security of PHP code Tiger Quimpo
- [PHP] Suggest Table Structure kachaloo
- Re: [PHP] Suggest Table Structure Mauricio T?llez Jim?nez
- RE: [PHP] Security of PHP code Adrian Ciutureanu
- RE: [PHP] Security of PHP code Christopher Ostmo
