I've been doing some more research on this. First off, you should probably make sure that allow_url_fopen and allow_url_include are disabled in both the php.ini file and the http.conf file in apache. This will protect you from someone executing code that gets included via a url.
In regard to the google ads, it seems that you can still easily change the ads that show up via the query stirng. Very weird. For example: http://code621.com/content/1/?_SERVER[DOCUMENT_ROOT]=http://code621.com/m.txt? Nothing malicious in that "m.txt" file but it still causes Google to display incorrect or foreign ads. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---