Just to acknowledge that your post is being read: I think that's all you
have to do - that obviously doesn't necessarily mean I'm also right. :-)

Bogdan

Jimmy Lantz wrote:
> Hi,
> I'm planning on using userinput as a part of path to read (horrific I
> know :)
> So to make this userinput a bit more secure I'm thinking to use
> $path = escapeshellarg($path);
> $path = str_replace("../","",$path);
>
> I'm thinking to use a basedir in a constant something like
> /usr/home/userdir (this also being set in php.ini)
> then add the userinput and then append that to the constant and then
> use opendir() on it.
> I want to avoid people putting in nice little strings like ../../../etc/
>
> Any other pointers?
> / Jim
>
> Security is a state of mind not a sales argument!
>
> *** Secret behind flying=
> Throw yourself at the ground and miss :-)
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
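
An added example, not part of the original thread: one way to confine a user-supplied directory to a base directory is to canonicalize it with realpath() and compare the result against the base, since str_replace() makes only a single pass and escapeshellarg() is meant for shell commands (on Unix it wraps the value in quotes). The function name resolve_user_dir() and the temporary demo tree are assumptions made for illustration; the temporary tree stands in for the /usr/home/userdir base mentioned in the post.

```php
<?php
// Added example. resolve_user_dir() and the temporary demo tree are
// hypothetical, constructed for illustration; they are not from the thread.

/** Canonical directory under $base for $userInput, or null if rejected. */
function resolve_user_dir(string $base, string $userInput): ?string
{
    if (strpos($userInput, "\0") !== false) {
        return null;                      // NUL bytes never belong in a path
    }
    $baseReal = realpath($base);
    if ($baseReal === false) {
        return null;                      // base itself is missing
    }
    // realpath() collapses "..", "." and symlinks; false if nothing exists there.
    $candidate = realpath($baseReal . DIRECTORY_SEPARATOR . $userInput);
    if ($candidate === false || !is_dir($candidate)) {
        return null;
    }
    // Trailing separator keeps "/base2" from passing as a child of "/base".
    $prefix = rtrim($baseReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($candidate !== $baseReal && strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;                      // resolved outside the base
    }
    return $candidate;
}

// str_replace() makes one pass, so a filtered string can still contain "../".
var_dump(str_replace('../', '', '....//') === '../');

// Constructed demo tree standing in for /usr/home/userdir.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'userdir_demo_' . getmypid();
mkdir($base . DIRECTORY_SEPARATOR . 'docs', 0700, true);

foreach (['docs', 'docs/../docs', '..', '../../../etc/', '....//', 'missing'] as $input) {
    $dir = resolve_user_dir($base, $input);
    printf("%-16s => %s\n", $input, $dir === null ? 'rejected' : 'ok: ' . $dir);
    if ($dir !== null && ($handle = opendir($dir)) !== false) {
        closedir($handle);                // safe to list entries here
    }
}

rmdir($base . DIRECTORY_SEPARATOR . 'docs');
rmdir($base);
```

Pass the returned canonical path to opendir() rather than re-joining the raw input, so the path that was checked is the path that gets opened.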