On Mon, March 14, 2005 16:27, Charles Fry said: > FWIW, I was able to put the line: > > require_once(dirname(__FILE__).'/config-'.strtolower($_SERVER['HTTP_HOST']).'.php'); > > into config.php, and then create a separate config file for each > domain/subdomain. Of course this has the disadvantage that one can't > have more than one board per subdomain, but it does work otherwise, as > far as I can tell.
Thanks for the tip. The example you give is not exploitable as far as I can tell but to be sure I'd check whether the HTTP_HOST does not contain any illegal characters (a remote user can directly influence its value). Thijs -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
