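Maybe one could be:
<?php
// Directory whose files may be displayed.
$allowed_path = "/www/sites/mysite/teaching";
// Requested path; assumed here to arrive as the "file" request parameter.
$file = isset($_GET['file']) ? $_GET['file'] : '';
// Refuse anything that does not start with the allowed directory.
if (substr($file, 0, strlen($allowed_path)) != $allowed_path)
{
    die("not allowed!");
}
else
{
    show_source($file);
}
?>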
----- Original Message -----
From: "Hankley, Chip" <[EMAIL PROTECTED]>
To: "PHP Mailingliste" <[EMAIL PROTECTED]>
Sent: Wednesday, July 04, 2001 5:45 PM
Subject: RE: [PHP] Security of PHP code
> OK,
>
> I'm pretty new to PHP, and have been reading this thread, and am just a
> little freaked.
>
> If I understand this right, the only reason we can view the source code
> of those pages is that the web server on which the page resides essentially
> has a PHP page somewhere on their site that has some variation of:
>
> <?show_source($file);?>
>
> as its content, right?
>
> While I can see the utility of that for some situations
> (teaching...examples, etc.), it seems like a huge potential for security
> breaches.
>
> Is it possible to have such a function on your site w/o giving access to ALL
> of your documents...
>
> Chip
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
>
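Added example, not part of the original messages: a plain string-prefix test like the one in the reply above also accepts paths that contain ".." segments or that point into a sibling directory sharing the prefix, so this sketch canonicalises with realpath() before comparing. The temporary directory layout, the file names and both function names are constructed for the demonstration.

```php
<?php
// Raw prefix comparison, as in the reply above.
function prefix_allows(string $file, string $allowed): bool
{
    return substr($file, 0, strlen($allowed)) === $allowed;
}

// Canonicalise first, then compare against the directory plus a trailing separator.
function realpath_allows(string $file, string $allowed): bool
{
    $base = realpath($allowed);
    $real = realpath($file); // resolves "..", "." and symlinks; false if the file is missing
    if ($base === false || $real === false) {
        return false;
    }
    $base = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($real, $base, strlen($base)) === 0;
}

// Constructed sandbox: an allowed directory, a sibling sharing its prefix, a file above it.
$root    = sys_get_temp_dir() . '/show_source_demo_' . getmypid();
$allowed = "$root/teaching";
mkdir($allowed, 0700, true);
mkdir("$root/teaching_private", 0700, true);
$files = ["$allowed/example.php", "$root/teaching_private/notes.php", "$root/config.php"];
foreach ($files as $f) {
    file_put_contents($f, "<?php // constructed sample\n");
}

$cases = [
    "$allowed/example.php",             // inside the allowed directory
    "$allowed/../config.php",           // starts with the prefix, resolves outside it
    "$root/teaching_private/notes.php", // sibling directory sharing the prefix
    "$allowed/missing.php",             // does not exist
];
foreach ($cases as $path) {
    printf("%-36s prefix=%-5s realpath=%s\n",
        substr($path, strlen($root)),
        var_export(prefix_allows($path, $allowed), true),
        var_export(realpath_allows($path, $allowed), true));
}

// Remove the constructed sandbox again.
array_map('unlink', $files);
rmdir("$root/teaching_private");
rmdir($allowed);
rmdir($root);
```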