Brian or anyone, Ok, supposing I don't want someone to be able to use <script language="php"> and I'm the paranoid sysadmin, (WebCT system see open source moodle.org). What advice would you give me? Students are allowed to upload files to my server through a special ftp account. Already, they can't upload files with *.pl, *.php or *.asp etc. But I need to enable php in *.htm files for myself.
But I'm talking about PHP here. Students on a WbCT system. They cannot, however, upload files, even htm, if there is <?php or <? or ?> in them. What other hacks might I think of and code for? Can I stop <script language="php"> tags? I could javascript embed them to: <script language="javascript"> document.write '<script language="'+'p'+'h'+'p">'; </script> Untested, but works in theory. I've done it before for some vb script. What do I do now? Anything in the php.ini I could turn off? John Spectre013 wrote: > Try <script language="php"> > //php Code here > </script> > Are there other ways of embedding <?php ?> or <? ?> code into an HTML > file? On one project, when I try to upolad files with embedded PHP code, > they actually filter for those tags and won't permit the FTP transfer. > Like reeeal paranoid. Any ideas? -- John Taylor-Johnston ----------------------------------------------------------------------------- Université de Sherbrooke: http://compcanlit.ca/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
