On 10/25/06, Néstor <[EMAIL PROTECTED]> wrote: > I can tell you that this is not user input but I was printing > variable to try to debug the problem.
HTTP_REFERER is considered user input, becuase it is built from HTTP headers. Just make sure you implicitly trust anybody who is able to execute the script. One could send a referrer that looks like "file:///etc/passwd" or something. There's no reason that $lines = file( $from ) wouldn't work, provided $from is actually set. So either this is a PHP bug, which is _extremely_ unlikely, or you have a typo somewhere in your code. Are you sure you didn't set $form? Are you sure that the referrer is being sent? Are you checking for an error raised by the file() call? -- Chris Snyder http://chxo.com/ _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php
