Yes, I supposed there could be that eventuality...
I supposed or hoped that wasn't a valid path.
> /usr/local/apache/htdocs/../../../../etc/passwd as path..
I'm not very practice of paths... actually
> On Wed, 4 Jul 2001, Steve Werby wrote:
>
> > "Jon Haworth" <[EMAIL PROTECTED]> wrote:
> > > Yes, I would have thought this would do it:
> > >
> > > if (strstr($file, "/usr/local/apache/htdocs/") {
> > > show_source($file);
> [..]
> > Something along those lines will work. Without some kind of limitations
> > built in, the page will be able to load any file that's world-readable
so
> > it's a good idea to limit access to certain directories or hardcode the
> > directory you want to give access to.
>
> Imagine someone passing in
> /usr/local/apache/htdocs/../../../../etc/passwd as path..
>
> - Sascha Experience IRCG
> http://schumann.cx/ http://schumann.cx/ircg
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
