Hello.
Please, take a look at this:
http://www.milc.com.pl/aa.php.txt

Why is PHP parsing a file with a ".php.txt" extension? I think that is a
security hole, because we can easily imagine that there is a PHP
script that should allow uploading only .txt files. 99% of coders will
check this with /.+?\.txt$/ because it is logical that a PHP script is
anything that ends with ".php".
Is there any way to prevent the situation where not only /.+?\.php/ is
parsed by PHP?
If you need any additional information (config files, or something), let
me know; I will send it with pleasure.

-- 
Bartłomiej Butyn aka Yoss
There is nothing so bad that it couldn't turn out worse.
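
The situation described in the post, as an added example that is not part of the original message: the suffix-only check accepts `aa.php.txt`, while checking every dot-separated segment and storing the upload under a server-generated name does not depend on how the server maps extensions. The function names and the extension list are assumptions made for illustration.

```php
<?php
// Added example; not code from the original post.

// Extensions a server may hand to an interpreter. Assumed list: take the real
// one from the server's own handler configuration.
const HANDLER_EXTENSIONS = ['php', 'php3', 'php4', 'php5', 'phtml', 'phps', 'cgi', 'pl', 'shtml'];

// The check described in the post: only the end of the name is examined.
function weak_is_txt(string $name): bool
{
    return preg_match('/.+?\.txt$/', $name) === 1;
}

// Returns every dot-separated segment after the first that names a handler
// extension, so "aa.php.txt" yields ["php"]. Useful for rejecting and logging.
function handler_segments(string $name): array
{
    $parts = explode('.', strtolower(basename(str_replace('\\', '/', $name))));
    array_shift($parts); // drop the base name before the first dot
    return array_values(array_intersect($parts, HANDLER_EXTENSIONS));
}

// Strict check: a single extension, and it must be "txt". Deliberately
// conservative, so harmless names with two dots are refused as well.
function strict_is_txt(string $name): bool
{
    return preg_match('/\A[A-Za-z0-9_-]+\.txt\z/', $name) === 1;
}

// Name used on disk: generated by the server, never taken from the client.
function stored_name(): string
{
    return bin2hex(random_bytes(16)) . '.txt';
}

// Constructed sample names.
foreach (['notes.txt', 'aa.php.txt', 'upload.PHP.txt', 'report.final.txt'] as $name) {
    printf("%-18s weak=%-5s strict=%-5s handler_segments=[%s]\n",
        $name,
        var_export(weak_is_txt($name), true),
        var_export(strict_is_txt($name), true),
        implode(',', handler_segments($name)));
}
echo 'stored as: ', stored_name(), "\n";
```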

