On Thursday 10 July 2003 17:26, Mantas Kriauciunas wrote:

>  My server is running FreeBSD 5.0
>
>  and yet I haven't fixed a bug that I knew about a long time ago, so can anyone
>  point me to some links or resources about it? I could not find any
>  good ones on Google; maybe I don't know how to search.

First of all it's not a bug.

>  The problem is
>  if they make a script <? if($id) include($id); ?>
>  and then just write
>  test.php?id=/etc/passwd , they see the whole file.
>
>  So how do I make sure that no one can access other people's files and
>  server files? And is there any way that nobody would be able to
>  download PHP files, or how to make them look like code when they are
>  downloaded? Thanks!

You should only be allowing people to include files from pre-determined 
directories. So use explode() or basename() to extract the filename then 
prepend the pre-determined directory.

-- 
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
------------------------------------------
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-general
------------------------------------------
/*
"The whole problem with the world is that fools and fanatics are always so
certain of themselves, but wiser people so full of doubts."
-- Bertrand Russell
*/


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
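
The basename()-plus-fixed-directory approach from the reply above, as an added example that is not part of the original thread. The `pages` directory, the `resolve_page()` helper, the forced `.php` suffix and the use of `$_GET['id']` instead of a register_globals `$id` are assumptions, and the type declarations need PHP 7.1 or later.

```php
<?php
// Added example: PAGE_DIR and resolve_page() are hypothetical names.
const PAGE_DIR = __DIR__ . '/pages';   // assumed pre-determined directory

/**
 * Map a user-supplied id to a file inside $baseDir.
 * Returns the absolute path, or null if the id must not be included.
 */
function resolve_page(string $id, string $baseDir = PAGE_DIR): ?string
{
    // Reject empty input and NUL bytes outright.
    if ($id === '' || strpos($id, "\0") !== false) {
        return null;
    }
    // basename() drops the directory part: "/etc/passwd" -> "passwd",
    // "../../secret" -> "secret".
    $name = basename($id);
    // Accept only plain names; the extension is appended here, never
    // taken from the request.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name)) {
        return null;
    }
    // realpath() resolves symlinks and returns false for missing files.
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . $name . '.php');
    if ($base === false || $path === false) {
        return null;
    }
    // Final containment check: the resolved file must sit under $base,
    // which catches a symlink inside the directory pointing elsewhere.
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// test.php?id=/etc/passwd now resolves to pages/passwd.php, which does
// not exist, so the request ends in a 404 instead of disclosing the file.
$id   = is_string($_GET['id'] ?? null) ? $_GET['id'] : '';
$page = resolve_page($id);
if ($page === null) {
    http_response_code(404);
    exit('Not found');
}
include $page;
```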
