Just to acknowledge that your post is being read: I think that's all you have to do - that obviously doesn't necessarily mean I'm also right. :-)

Bogdan

Jimmy Lantz wrote:
> Hi,
> I'm planning on using userinput as a part of path to read (horrific I
> know :)
> So to make this userinput a bit more secure I'm thinking to use
> $path = escapeshellarg($path);
> $path = str_replace("../","",$path);
>
> I'm thinking to use a basedir in a constant something like
> /usr/home/userdir (this also being set in php.ini)
> then add the userinput and then append that to the constant and then
> use opendir() on it.
> I want to avoid people putting in nice little strings like ../../../etc/
>
> Any other pointers?
> / Jim
>
> Security is a state of mind not a sales argument!
>
> *** Secret behind flying=
> Throw yourself at the ground and miss :-)
>

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
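
An added example, not code from either poster: it puts the single-pass `str_replace("../", ...)` filter from the question beside a containment check that resolves the joined path with `realpath()` and accepts it only if it still lies under the base directory. The function names `strip_dotdot()` and `resolve_under_base()`, the temporary base directory and the sample inputs are all assumptions constructed for the demonstration.

```php
<?php
// Added example; names and sample inputs are hypothetical, not from the thread.

// The filter proposed in the question, unchanged, for comparison.
function strip_dotdot(string $input): string {
    return str_replace("../", "", $input);
}

// Join, canonicalise, then verify the result is still inside the base directory.
// Returns the resolved directory, or null if it must be rejected.
function resolve_under_base(string $base, string $input): ?string {
    $baseReal = realpath($base);
    if ($baseReal === false || strpos($input, "\0") !== false) {
        return null;                       // bad base, or NUL byte in input
    }
    $real = realpath($baseReal . DIRECTORY_SEPARATOR . $input);
    if ($real === false || !is_dir($real)) {
        return null;                       // does not exist or is not a directory
    }
    // Compare with a trailing separator so /base does not match /base-other.
    $prefix = rtrim($baseReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($real !== $baseReal && strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null;                       // resolved outside the base directory
    }
    return $real;
}

// Constructed sandbox standing in for the basedir constant in the question.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'userdir_' . bin2hex(random_bytes(4));
mkdir($base . DIRECTORY_SEPARATOR . 'docs', 0700, true);

// Constructed inputs: valid names, plain traversal, and a string that the
// single-pass filter turns back into "../".
$samples = ['docs', 'docs/../docs', '../', '....//', '/etc', 'missing'];
foreach ($samples as $s) {
    printf(
        "%-16s stripped=%-8s resolved=%s\n",
        var_export($s, true),
        var_export(strip_dotdot($s), true),
        resolve_under_base($base, $s) ?? 'REJECTED'
    );
}

rmdir($base . DIRECTORY_SEPARATOR . 'docs');
rmdir($base);
```

`escapeshellarg()` quotes a string for a shell command line and is not needed for a path passed to `opendir()`; because `realpath()` also resolves symbolic links, a link inside the base directory that points elsewhere is rejected by the same check.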