> Hello again Morton,
> Now I see the bigger picture.
>
> If everything is working then you simply need to add a line "die();"
> after
> the line "readfile('original.pdf');" and before the closing "}"
>
> There is a security issue here in that a third party has access to all
> files
> that are accessible to the scripts "owner" or "group". Depending on you
> server OS and config that may also include other users files on shared
> servers.
>
> For example - copy the following to a htm file on your desktop
>
> <html><head></head><body>
> <form action="insert file name of above script" method="get">
> What file do you want
> <input type="text" name="file" value="../../../../../wp-blog-header.php">
> <br>
> <input type="submit" value="download">
> </body></html>
>
> It would be better to have all the public files in one directory and
> specify
> the path in php.
>
> Thanks Robert.
>
> PS: It is a required convention in this list to type below the original
> postings.
>
>
Wow! It worked, thanx a lot man! For everything, really!
morten.
