Re: [PHP] "Sanitize" paths

2005-10-02 Thread Robert Cummings
On Sun, 2005-10-02 at 11:26, Philip Hallstrom wrote: > >> realpath() is your friend... > > > > That has been my first impression too, but... > > > >> realpath() expands all symbolic links > > > > I am actually using symlinks :) > > > > I trust the files on my server so "local redirects" via symlink

Re: [PHP] "Sanitize" paths

2005-10-02 Thread Philip Hallstrom
realpath() is your friend... That has been my first impression too, but... realpath() expands all symbolic links I am actually using symlinks :) I trust the files on my server so "local redirects" via symlinks are no problem, the user submitted data is. Then realpath() your doc root as we

Re: [PHP] "Sanitize" paths

2005-10-01 Thread Niels Ganser
Thanks for your reply, Philip. > realpath() is your friend... That has been my first impression too, but... > realpath() expands all symbolic links I am actually using symlinks :) I trust the files on my server so "local redirects" via symlinks are no problem, the user submitted data is. Reg

Re: [PHP] "Sanitize" paths

2005-10-01 Thread Philip Hallstrom
I'm working on a script which basically loads an image the user requested, and wonder how to properly sanitize the passed path. For instance the user should never ever be able to do something like ?load=../../../etc/passwd. My approach so far is to simply urldecode() the given string and return a

[PHP] "Sanitize" paths

2005-10-01 Thread Niels Ganser
Hi, I'm working on a script which basically loads an image the user requested, and wonder how to properly sanitize the passed path. For instance the user should never ever be able to do something like ?load=../../../etc/passwd. My approach so far is to simply urldecode() the given string and r