Yes, I would have thought this would do it:
if (strstr($file, "/usr/local/apache/htdocs/") {
show_source($file);
} else {
echo "File must be in /usr/local/apache/htdocs!";
}
Modify as appropriate.
Have I missed anything, or will this do the trick?
Cheers
Jon
-----Original Message-----
From: Hankley, Chip [mailto:[EMAIL PROTECTED]]
Sent: 04 July 2001 16:46
To: PHP Mailingliste
Subject: RE: [PHP] Security of PHP code
OK,
I'm pretty new to PHP, and have been reading this thread, and am just a
little freaked.
If I understand this right, the only way reason we can view the source code
of those pages is that the web server on which the page resides essentially
has a PHP page somewhere on their site that has some variation of:
<?show_source($file);?>
as it's content, right?
While I can see the utility of that for some situations
(teaching...examples, etc.), it seems like a huge potential for security
breaches.
Is it possible to have such a function on your site w/o giving access to ALL
of your documents...
Chip
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
