On Thu, May 23, 2002 at 11:23:42AM -0400, Analysis Solutions wrote:
On Thu, May 23, 2002 at 11:22:28PM +1000, daniel wrote:
dir=../../../../ it will show you the root dir of the server, how can I
Before passing the $Dir variable to the file functions, clean it up...
$Dir =
On Monday, June 3, 2002 at 3:37:48 PM, you wrote:
$dir = preg_replace('/\.\.\/?/', '', $dir);
Surely a regular expression is overkill for this? It would be more efficient to
use str_replace()...
$dir = str_replace('..', '', $dir);
--
Stuart
On Mon, Jun 03, 2002 at 08:41:37PM +0100, Stuart Dallas wrote:
Surely a regular expression is overkill for this? It would be more efficient to
use str_replace()...
$dir = str_replace('..', '', $dir);
Sure. But you'd need to do two replaces. First for '../' then for '..'
Not a big deal.
Unfortunately it still happens
Analysis Solutions [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]...
On Thu, May 23, 2002 at 11:22:28PM +1000, daniel wrote:
dir=../../../../ it will show you the root dir of the server, how can I
Before passing the $Dir variable
Excuse my ignorance, I had it after opendir, thanks for that
Daniel [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]...
Unfortunately it still happens
Analysis Solutions [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]...
On Thu, May 23,
Hi, I am creating a web-based file manager for uploading files to the database.
To determine which dir I upload to, I have the directory in the query string,
i.e. ?dir=blah. I have found a security flaw where if you type
dir=../../../../ it will show you the root dir of the server, how can I
lock into
On Thu, May 23, 2002 at 11:22:28PM +1000, daniel wrote:
dir=../../../../ it will show you the root dir of the server, how can I
Before passing the $Dir variable to the file functions, clean it up...
$Dir = preg_replace('/\.\.\//', '', $Dir);
--Dan
--
PHP classes that make
, 2002 9:22 AM
To: [EMAIL PROTECTED]
Subject: [PHP] opendir security hole
Hi, I am creating a web-based file manager for uploading files to the database.
To determine which dir I upload to, I have the directory in the query string,
i.e. ?dir=blah. I have found a security flaw where if you type
dir
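
The replies in this thread clean the `dir` value by stripping `..` before it reaches the file functions. A complementary check is to resolve the requested path and confirm it still lies under the file manager's base directory. The following is an added example, not code from any poster in the thread; the helper name `resolve_under_base`, the temporary base directory and the sample inputs are assumptions constructed for illustration, and it assumes PHP 7.1 or later.

```php
<?php
// Added example: confine a user-supplied ?dir= value to one base directory.
// resolve_under_base() is a hypothetical helper, not part of PHP.

function resolve_under_base(string $base, string $dir): ?string
{
    // Canonicalise the base first; realpath() returns false if it is missing.
    $baseReal = realpath($base);
    if ($baseReal === false || !is_dir($baseReal)) {
        return null;
    }

    // Reject NUL bytes outright; they never belong in a path.
    if (strpos($dir, "\0") !== false) {
        return null;
    }

    // Resolve the combined path. realpath() collapses "..", "." and
    // symlinks, and returns false when the target does not exist.
    $target = realpath($baseReal . DIRECTORY_SEPARATOR . $dir);
    if ($target === false || !is_dir($target)) {
        return null;
    }

    // Accept only the base itself or something strictly below it. The
    // trailing separator stops "/srv/files-old" matching "/srv/files".
    $prefix = rtrim($baseReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($target !== $baseReal && strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $target;
}

// Constructed demo: a temporary base with one subdirectory.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'fm_demo_' . getmypid();
mkdir($base . DIRECTORY_SEPARATOR . 'uploads', 0700, true);

foreach (['uploads', 'uploads/../uploads', '../../../../', 'uploads/../..', 'missing'] as $dir) {
    $safe = resolve_under_base($base, $dir);
    printf("%-22s => %s\n", $dir, $safe === null ? 'rejected' : $safe);
}

rmdir($base . DIRECTORY_SEPARATOR . 'uploads');
rmdir($base);
```

As the thread itself notes, the check only helps if it runs before `opendir()` is called, and the resolved path it returns is what should be passed on, not the raw query-string value.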