Re: [PHP] opendir security hole

2002-06-03 Thread Analysis & Solutions
On Mon, Jun 03, 2002 at 08:41:37PM +0100, Stuart Dallas wrote:
>
> Surely a regular expression is overkill for this? It would be more efficient to
> use str_replace()...
>
> $dir = str_replace('..', '', $dir);

Sure. But you'd need to do two replaces. First for '../' then for '..' Not a big de

Re: [PHP] opendir security hole

2002-06-03 Thread Analysis & Solutions
On Thu, May 23, 2002 at 11:23:42AM -0400, Analysis & Solutions wrote:
> On Thu, May 23, 2002 at 11:22:28PM +1000, daniel wrote:
> > dir=../../../../ it will show you the root dir of the server, how can i
>
> Before passing the $Dir variable to the file functions, clean it up...
>
>$Dir = pr

Re: [PHP] opendir security hole

2002-05-24 Thread daniel
Excuse my ignorance, I had it after opendir. Thanks for that.

"Daniel" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> Unfortunately it still happens
> "Analysis & Solutions" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > On

Re: [PHP] opendir security hole

2002-05-24 Thread daniel
Unfortunately it still happens

"Analysis & Solutions" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> On Thu, May 23, 2002 at 11:22:28PM +1000, daniel wrote:
> > dir=../../../../ it will show you the root dir of the server, how can i
>
> Before passing the $Dir

RE: [PHP] opendir security hole

2002-05-23 Thread Randy Wilcox
Use: http://us2.php.net/manual/en/configuration.php#ini.open-basedir

It's also a good idea to always validate the data that comes from the user, especially when dealing with file-related functions.

Randy

-Original Message-
From: daniel [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 23,

Re: [PHP] opendir security hole

2002-05-23 Thread Analysis & Solutions
On Thu, May 23, 2002 at 11:22:28PM +1000, daniel wrote:
> dir=../../../../ it will show you the root dir of the server, how can i

Before passing the $Dir variable to the file functions, clean it up...

   $Dir = preg_replace('/\.\.\//', '', $Dir);

--Dan

--
PHP classes that make w
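
Added example, not written by any poster in this thread: instead of stripping ".." from the dir parameter, it resolves the requested path with realpath() and rejects anything that falls outside a fixed base directory, and it does so before opendir() is called. BASE_DIR and safe_list_dir() are hypothetical names, and the base path is an assumed value; open_basedir, as suggested in the thread, remains a useful second layer.

```php
<?php
// Added example: canonicalize first, then check containment, then open.
// BASE_DIR and safe_list_dir() are hypothetical names, not from the thread.

const BASE_DIR = '/var/www/files';   // assumed tree the script may list

function safe_list_dir(string $requested, string $base = BASE_DIR): array
{
    $baseReal = realpath($base);
    if ($baseReal === false) {
        throw new RuntimeException('Base directory does not exist');
    }

    // realpath() collapses "..", "." and symlinks, and returns false
    // when the target does not exist.
    $target = realpath($baseReal . DIRECTORY_SEPARATOR . $requested);
    if ($target === false || !is_dir($target)) {
        throw new InvalidArgumentException('No such directory');
    }

    // Containment check: the resolved path must be the base itself or
    // sit below it. Comparing with a trailing separator stops
    // "/var/www/files-old" from passing as a prefix of "/var/www/files".
    $prefix = rtrim($baseReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    $candidate = $target . DIRECTORY_SEPARATOR;
    if ($target !== $baseReal && strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        throw new InvalidArgumentException('Directory is outside the allowed tree');
    }

    // Only now is the directory opened.
    $handle = opendir($target);
    if ($handle === false) {
        throw new RuntimeException('Cannot open directory');
    }
    $entries = [];
    while (($entry = readdir($handle)) !== false) {
        if ($entry !== '.' && $entry !== '..') {
            $entries[] = $entry;
        }
    }
    closedir($handle);
    sort($entries);
    return $entries;
}

// Usage with the request parameter named in the thread (dir=...):
// $listing = safe_list_dir($_GET['dir'] ?? '');
```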