Shawn McKenzie wrote:

Is this expected behavior???

Settings such as safe_mode come into play. There is a difference between what a webhost provider expects from someone trusted with an account, and what is expectd of a user of your website. The best advice I've heard is to assume a user of your site is a hacker who wants to bring your site down. ...

(myscript.php?page=, or relative URLs

Can I do this without allowing someone to include files by filesystem
reference??? check and validate any user input. If you decide that it is not a good idea to allow a user to specify /etc/passwd (as all user names are stored there), then check and reject such things (commonly any absolute path).



PHP General Mailing List (
To unsubscribe, visit:

Reply via email to