Hello,

I have a bunch of sites that I build for my company, all running PHP.
Today a user accessed a page, accidentally mind you, by typing a ? followed
by a partial file name.  Now, I can understand why.  But this should not
happen.  It does not happen on other webservers if the page is an .html
page, only if it is a .php page.  Here is a little more of the specifics.
Sorry, I had to change the names to protect the innocent...or my company.
;)

There is a file in this folder called form_reg.php.  So the actual path is
http://webserver.com/folder/form_reg.php.  They were able to access this
page by typing http://webserver.com/folder/?reg.php.  They completely left
out the "form" and the "_" and still got the page...problem is that I am no
longer using this version of the form and just kept it in a folder off of
the webserver root, which I guess I shouldn't do.  They were able to
submit the form...which still worked fine, but sent the recipient
information that they did not need.

Anywho... I wanted to pass this info out here, as this could happen with
any .php URL...and possibly get you in trouble with old versions of code
stored within the document root.

Sorry for the long message, but I thought this was interesting and worth
sharing.

Jeff




-- 
PHP Install Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
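
One way to audit for the situation described in the message, a superseded script left inside the document root that the server still executes on request. This is an added example, not part of the original post; the directory layout, file contents, function names and the `index.php` entry-point rule are assumptions constructed for illustration.

```python
import os
import re
import tempfile

SCRIPT_EXT = (".php",)
TEXT_EXT = (".php", ".html", ".htm", ".js", ".inc")
ENTRY_POINTS = {"index.php"}  # assumption: served as the directory index

def find_unreferenced_scripts(docroot):
    """Return sorted relative paths of .php files that no other file mentions."""
    scripts, sources = [], {}
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, docroot).replace(os.sep, "/")
            if name.lower().endswith(TEXT_EXT):
                with open(full, encoding="utf-8", errors="replace") as fh:
                    sources[rel] = fh.read()
            if name.lower().endswith(SCRIPT_EXT):
                scripts.append(rel)
    orphans = []
    for rel in scripts:
        base = rel.rsplit("/", 1)[-1]
        if base in ENTRY_POINTS:
            continue
        # Match the file name only as a whole token, so "form_reg.php" is
        # not counted as referenced by a link to "new_form_reg.php".
        pattern = re.compile(r"(?<![\w.-])" + re.escape(base) + r"(?![\w-])")
        # A script that only mentions itself (a self-posting form) is still orphaned.
        if not any(pattern.search(text) for src, text in sources.items() if src != rel):
            orphans.append(rel)
    return sorted(orphans)

def build_sample_tree(root):
    """Constructed sample layout modelled on the post (file contents invented)."""
    os.makedirs(os.path.join(root, "folder"))
    files = {
        "folder/index.php": '<a href="new_form_reg.php">Register</a>',
        "folder/new_form_reg.php": '<form action="new_form_reg.php" method="post"></form>',
        "folder/form_reg.php": '<form action="form_reg.php" method="post"></form>',
    }
    for rel, body in files.items():
        with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        print(find_unreferenced_scripts(root))
```

Anything the audit reports is a candidate to move outside the document root or delete; references built dynamically at runtime are not detected, so review the list before removing files.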
