[vox-tech] php security (was: another php question)
Matt Roper
vox-tech@lists.lugod.org
Thu, 6 Jun 2002 12:39:03 -0700
With this solution, what keeps people from using something like
"../../../etc/shadow" as $arg? You'd probably need to strip out slashes
and ..'s to be safe...

Matt

On Thu, Jun 06, 2002 at 12:20:31PM -0700, Tim Riley wrote:
> An easy way around exposing /etc/anything is to do what Apache does with
> HTML documents: only reference documents inside a relative directory.
>
> e.g., $file2open = $APPLICATION_HOME_DIRECTORY . $arg[ 1 ]
>
--
*************************************************
* Matt Roper <matt@mattrope.com> *
* http://www.mattrope.com *
* PGP Key: http://www.mattrope.com/mattrope.asc *
*************************************************
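
The traversal raised in this message, and one way to refuse it, as an added example that is not part of the original thread. It checks containment with realpath() instead of stripping slashes and ".." from the argument; the function names, the sandbox directory layout and the sample arguments are constructed for illustration.

```php
<?php
// Added example: all names and paths below are constructed for illustration.

// The concatenation from the quoted message: the prefix alone does not
// confine the result, because ".." segments climb back out of it.
function naive_path(string $base, string $arg): string {
    return $base . $arg;
}

// Resolve the joined path and require that it still sits under $base.
// Returns the canonical path, or null if the request must be refused.
function confined_path(string $base, string $arg): ?string {
    $root = realpath($base);
    if ($root === false || strpos($arg, "\0") !== false) {
        return null;
    }
    $full = realpath($root . DIRECTORY_SEPARATOR . $arg); // false if it does not exist
    if ($full === false) {
        return null;
    }
    // Compare with a trailing separator so docs-old/ does not pass as docs/.
    $prefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($full, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return is_file($full) ? $full : null;
}

// Constructed sandbox: docs/ is the application directory; secret.txt and
// docs-old/ sit beside it and must stay unreachable.
$tmp = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'pathdemo_' . getmypid();
mkdir($tmp . '/docs/sub', 0700, true);
mkdir($tmp . '/docs-old', 0700, true);
file_put_contents($tmp . '/docs/readme.txt', 'public');
file_put_contents($tmp . '/docs/sub/page.txt', 'public');
file_put_contents($tmp . '/secret.txt', 'private');
file_put_contents($tmp . '/docs-old/old.txt', 'private');

$base = $tmp . '/docs/';
foreach (['readme.txt', 'sub/page.txt', '../secret.txt', '../docs-old/old.txt',
          'sub/../../secret.txt', 'missing.txt'] as $arg) {
    $ok = confined_path($base, $arg);
    printf("%-22s naive=%-3s confined=%s\n", $arg,
        is_file(naive_path($base, $arg)) ? 'hit' : '-',
        $ok === null ? 'refused' : 'allowed');
}
```

Because realpath() also resolves symbolic links, a link inside the application directory that points outside it is refused by the same prefix comparison.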