> > It could be what I was typing in the url bar.
> >
> > file.php?file=foobar.inc
>
> 1) Try include $_GET['file'];
>
> 2) Let me know where your server is so I can go to
>
> http://your.server/file.php?file=/etc/passwd
>
> miguel
You might want to use .php file extension and /include/ directory to prevent
Miquel stealing your pressious passwords :))
<snip>
file.php?file=inc.foobar.php
-------------------------
include("include/$file");
</snip>
Just a thought :)))
Teemu
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
