On Wednesday 01 June 2005 22:33, you wrote:
>
> >elseif(count($_POST)>0)
> > foreach($_POST as $key=>$value)
> > if( ($key!=='login') && ($key!=='name') && ($key!=='pass') )
> > $hiddens.=<<<_hid_
> > \n\t
> > _hid_;
>
> But what happened here? Why do you assume POST data is saf
Andy Pieters wrote:
> $valid=array('from','authorize','order');
>#copy GET to POST
>if(count($_GET)>0)
>{foreach($_GET as $key=>$value)
> if(in_array($key,$valid))
> {$key=htmlspecialchars($key);
> $value=htmlspecialchars($value);
> $hiddens.=<<<___hid
> \n\t
Hi all
I just got the ok from the client pertaining to the disclosure of parts of the
code.
Basically I made admin and a user must be logged in in order to access any file
in that directory. (except index.php)
Here is the file index.php
LogedIn())
{$dest=PAGE_LOGIN_SUCCESS;
$dest=getShopDest
please hack apart this solution and point out the error/insecure nature of the
setup.
goal, provide php access to name based virtual hosts on FreeBSD boxes
problem, security of PHP access to base system and other user scripts
solution,
apache compiled with suexec
# set user and group to unique