Re: [PHP] opendir security hole

2002-06-03 Thread Analysis & Solutions
On Mon, Jun 03, 2002 at 08:41:37PM +0100, Stuart Dallas wrote:
>
> Surely a regular expression is overkill for this? It would be more efficient to
> use str_replace()...
>
> $dir = str_replace('..', '', $dir);

Sure. But you'd need to do two replaces. First for '../' then for '..' Not a big de

Re[2]: [PHP] opendir security hole

2002-06-03 Thread Stuart Dallas
On Monday, June 3, 2002 at 3:37:48 PM, you wrote:
>$dir = preg_replace('/\.\.\/?/', '', $dir);

Surely a regular expression is overkill for this? It would be more efficient to use str_replace()...

$dir = str_replace('..', '', $dir);

--
Stuart

--
PHP General Mailing List (http://www.php.n

Re: [PHP] opendir security hole

2002-06-03 Thread Analysis & Solutions
On Thu, May 23, 2002 at 11:23:42AM -0400, Analysis & Solutions wrote:
> On Thu, May 23, 2002 at 11:22:28PM +1000, daniel wrote:
> > dir=../../../../ it will show you the root dir of the server, how can i
>
> Before passing the $Dir variable to the file functions, clean it up...
>
>$Dir = pr

Re: [PHP] opendir security hole

2002-05-24 Thread daniel
scuse my ignorance i had it after opendir, thanks for that

"Daniel" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> unfortunately it still happens
> "Analysis & Solutions" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > On

Re: [PHP] opendir security hole

2002-05-24 Thread daniel
unfortunately it still happens

"Analysis & Solutions" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> On Thu, May 23, 2002 at 11:22:28PM +1000, daniel wrote:
> > dir=../../../../ it will show you the root dir of the server, how can i
>
> Before passing the $Dir

RE: [PHP] opendir security hole

2002-05-23 Thread Randy Wilcox
ay 23, 2002 9:22 AM
To: [EMAIL PROTECTED]
Subject: [PHP] opendir security hole

hi i am creating a webbased filemanager for uploading files to the database, to determine which dir i upload to i have the directory in the query string ie ?dir=blah, i have found a security flaw where if you typ

Re: [PHP] opendir security hole

2002-05-23 Thread Analysis & Solutions
On Thu, May 23, 2002 at 11:22:28PM +1000, daniel wrote:
> dir=../../../../ it will show you the root dir of the server, how can i

Before passing the $Dir variable to the file functions, clean it up...

   $Dir = preg_replace('/..\//', '', $Dir);

--Dan

--
PHP classes that make w

[PHP] opendir security hole

2002-05-23 Thread daniel
hi i am creating a webbased filemanager for uploading files to the database, to determine which dir i upload to i have the directory in the query string ie ?dir=blah, i have found a security flaw where if you type dir=../../../../ it will show you the root dir of the server, how can i lock into a
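
For the question this thread starts from, an added example that is not code from any of the posters: instead of stripping `..` from the string, resolve the requested directory to its canonical path and pass it to opendir() only if it still lies inside the base directory. The function name resolve_in_base(), the demo directory names and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example: resolve a user-supplied directory and require that the
// canonical result stays inside a fixed base directory.
// resolve_in_base() and the directory names are hypothetical.

function resolve_in_base(string $base, string $requested)
{
    $baseReal = realpath($base);
    if ($baseReal === false) {
        return false;                    // base itself is missing
    }
    // realpath() collapses "." and "..", follows symlinks, and returns
    // false when the target does not exist.
    $target = realpath($baseReal . DIRECTORY_SEPARATOR . $requested);
    if ($target === false || !is_dir($target)) {
        return false;
    }
    // Accept the base itself or anything strictly below it. The trailing
    // separator stops "/srv/files-old" from matching base "/srv/files".
    $prefix = rtrim($baseReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($target !== $baseReal && strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return false;
    }
    return $target;
}

// Constructed sample tree under the system temp directory.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'fm_demo_' . getmypid();
mkdir($base . '/uploads/images', 0700, true);

// Constructed values standing in for $_GET['dir'].
$samples = ['uploads', 'uploads/images/..', '../../../../', 'missing'];
foreach ($samples as $dir) {
    $resolved = resolve_in_base($base, $dir);
    if ($resolved === false) {
        echo "dir=$dir -> rejected\n";
        continue;
    }
    $handle = opendir($resolved);        // only reached for paths inside $base
    closedir($handle);
    echo "dir=$dir -> ok\n";
}

// Remove the constructed tree.
rmdir($base . '/uploads/images');
rmdir($base . '/uploads');
rmdir($base);
```

The check is made on the resolved path rather than on the text of the parameter, so it does not depend on which `..` spellings a replace pattern happens to cover.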