Only if register_globals is on can that reset a variable. You are
correct though, defining directory paths is safer.
Thank you,
Micah Gersten
onShore Networks
Internal Developer
http://www.onshore.com
Joseph Crawford wrote:
Read up on register_globals. It is a security risk because if I do
http://domain.com/file.php?plugins_directory=/directory/
it can reset your variable.
The best way to do that is to make PLUGINS_DIR a constant
define('PLUGINS_DIR', '/directory/');
Joseph Crawford
On Sep 23, 2008, at 12:58 PM
I get an error stating that this line in my code is a security risk when I
code it.
require_once($PLUGINS_DIRECTORY."forum/forum.php");
here is what the explanation is:
include() or analogous is used with variable argument this can be dangerous
since variables are in many cases controlled by
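
The behaviour discussed in this thread, as an added example that is not part of the original messages: the same `forum/forum.php` path built from a variable and from the `PLUGINS_DIR` constant, with and without register_globals. Because register_globals was removed in PHP 5.4, `extract()` stands in for it here; the function names and the request values are assumptions made for the illustration.

```php
<?php
// Added example, not code from the thread. extract() simulates what
// register_globals=On did: request parameters become script variables.

define('PLUGINS_DIR', '/directory/');   // value taken from the thread

// Constructed request parameters, as if they arrived in the query string.
$request = [
    'PLUGINS_DIRECTORY' => '/somewhere/else/',
    'PLUGINS_DIR'       => '/somewhere/else/',
];

// Before: the path comes from a variable this code never assigns itself.
function path_from_variable(array $request, bool $registerGlobals): string
{
    if ($registerGlobals) {
        extract($request);               // simulated register_globals=On
    }
    // With register_globals off the variable is simply unset here.
    return ($PLUGINS_DIRECTORY ?? '') . 'forum/forum.php';
}

// After: the path comes from a constant. Request input can only create a
// variable named $PLUGINS_DIR, which is a different symbol entirely.
function path_from_constant(array $request, bool $registerGlobals): string
{
    if ($registerGlobals) {
        extract($request);               // same input, same simulation
    }
    return PLUGINS_DIR . 'forum/forum.php';
}

foreach ([false, true] as $on) {
    printf(
        "register_globals=%s  variable: %-32s constant: %s\n",
        $on ? 'On ' : 'Off',
        path_from_variable($request, $on),
        path_from_constant($request, $on)
    );
}
```

Only the variable-based path changes when the simulated setting is on; the constant-based path is identical in both rows.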