> When including files in ASP pages using <!--#virtual="/filename.asp"--> I
> was able to include files into pages using path relative to the webserver
> root. I have tried similar in PHP using include("/filename.php"), but just
> recently learned that "/" slash charachter moves the pointer to the root
of
> the drive on which webserver directory is located on.
Be careful, unless you're running in Safe Mode and/or have carefully audited
your file system privileges. You can also delete anything you want in the
root directory as well.
I have tried and tried yet unsuccessfully to get PHP's Safe Mode to help
block this but it seems that most Safe Mode function "caveats" (the function
won't work if...) depend on the UIDs of the script and of the file/directory
in question. Well, all my UIDs constantly show up as 0, whether they're
owned by Administrators or not.
I am under the impression that PHP Safe Mode on IIS machines is mostly
non-functional because of this. But it seems that PHP support for windows
isn't terribly "there" and so nobody has been able to confirm or deny this
for me.
Eric R. Gavin
--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
