Possibilities for improving security on a source displayer.

1) Maybe you could restrict your source shower to only look at
    particular types of files - maybe the file has to end in ".php"
    or ".inc" before it is even considered.

2) Given that something that displays the source needs to read the file,
    maybe it could just look for some kind of marker that would
    have to appear within the first N lines of a file, otherwise it
    would be rejected. For example, every file that could be displayed
    might need to look like this:

    <?php
       //<<DISPLAYABLE>>
    ...


At 16:54 4/07/2001 +0100, Jon Haworth wrote:
>Yes, I would have thought this would do it:
>
>if (strstr($file, "/usr/local/apache/htdocs/")) {
>         show_source($file);
>} else {
>         echo "File must be in /usr/local/apache/htdocs!";
>}

-------------------------
Brian White
Step Two Designs Pty Ltd - SGML, XML & HTML Consultancy
Phone: +612-93197901
Web:   http://www.steptwo.com.au/
Email: [EMAIL PROTECTED]
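
The two suggestions above, combined with a stricter form of the quoted directory check, as an added example that is not part of the original post or the quoted reply. The function name, `$docroot`, `$maxLines` and the temporary demo files are assumptions of this example; it resolves the path with `realpath()` and compares from the start of the string, because a substring test accepts any path that merely contains the directory name.

```php
<?php
// Added example; all names here are constructed, not from the thread.
const DISPLAY_MARKER = '//<<DISPLAYABLE>>'; // marker from suggestion 2
const ALLOWED_EXT = ['php', 'inc'];         // extensions from suggestion 1

// Returns the canonical path if $file may be shown, else null.
function displayable_path(string $file, string $docroot, int $maxLines = 5): ?string
{
    // Resolve symlinks and ".." so the prefix test sees the real location.
    $real = realpath($file);
    $root = realpath($docroot);
    if ($real === false || $root === false || !is_file($real)) {
        return null;
    }
    // Compare from the start of the path, with a trailing separator so
    // a sibling such as "htdocs-private" does not pass as "htdocs".
    $root = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($real, $root, strlen($root)) !== 0) {
        return null;
    }
    // Suggestion 1: extension allowlist.
    $ext = strtolower(pathinfo($real, PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXT, true)) {
        return null;
    }
    // Suggestion 2: opt-in marker within the first $maxLines lines.
    $fh = fopen($real, 'r');
    if ($fh === false) {
        return null;
    }
    $found = false;
    for ($i = 0; $i < $maxLines && ($line = fgets($fh)) !== false; $i++) {
        if (strpos($line, DISPLAY_MARKER) !== false) {
            $found = true;
            break;
        }
    }
    fclose($fh);
    return $found ? $real : null;
}

// Constructed demo: a throwaway docroot with one opted-in and one plain file.
// __FILE__ (this script) has the marker and extension but sits outside $root.
$root = sys_get_temp_dir() . '/srcshow_' . getmypid();
mkdir($root);
file_put_contents("$root/ok.php", "<?php\n   " . DISPLAY_MARKER . "\necho 1;\n");
file_put_contents("$root/secret.php", "<?php\n\$dbpass = 'x';\n");
foreach (["$root/ok.php", "$root/secret.php", "$root/../" . basename($root) . "/ok.php", __FILE__] as $f) {
    echo $f, ' => ', displayable_path($f, $root) === null ? 'rejected' : 'shown', "\n";
}
array_map('unlink', glob("$root/*")); rmdir($root); // remove the demo files
```

Pass the returned canonical path, not the caller-supplied string, to `show_source()`, so the file that was checked is the file that is displayed.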

