Just to aknowledge that your post is being read: I think that's all you 
have to do - that obviously doesn't necessarily mean I'm also right. :-)


Jimmy Lantz wrote:

> Hi,
> I'm planning on using userinput as a part of path to read (horrific I 
> know :)
> So to make this userinput a bit more secure I'm thinking to use
> $path = escapeshellarg($path);
> $path = str_replace("../","",$path);
> I'm thinking to use a basedir in a constant something like 
> /usr/home/userdir  (this also being set in php.ini)
> then add the userinput and then append that to the constant and then 
> use opendir() on it.
> I want to avoid people putting in nice little strings like ../../../etc/
> Any other pointers?
> / Jim
> Security is a state of mind not a sales arguement!
> *** Secret behind flying=
> Throw yourself at the ground and miss :-)

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to