On 07/06/2010 20:00, Igor Escobar wrote:
PHP Injection is the technical name given to a security hole in PHP applications. When this gap there is a hacker can do with an external code that is interpreted as an inner code as if the code included was more a part of the script.// my code... // my code... include ('http://..../externalhackscript.txt'); //my code... //my code..
can you not switch off remote file includes in php.ini? This will stop include/require from a remote host.. i.e. /allow_url_include = Off in php.ini HTH Rich / -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
