Mark Wheeler wrote:
Hi William,

I think that's what I'm looking for. One question. What do you mean by "whitelist the filepaths"? My only reference point is email. "Whitelist" for me means that email addresses on my "whitelist" always get through, even though the spam software might initially think it's spam. Can you clarify?



And you will of course whitelist the file paths you are allowing people to download... :)



I assume by whitelist he means do not allow such things as:

  http://site/images/fetch.pl?/etc/passwd

Perhaps set the path of the image directory into the script, hardcoded like so:

  $path = '/home/fubar/www/images';

or something like that so you are restricting to a certain directory, and not just letting any file be read in by the cgi and sent to the browser.

Pete
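
An added example, not part of the original thread: a Perl sketch of the restriction Pete describes for `fetch.pl`, combining the hardcoded base directory with an allow-list on the requested name and a check that the resolved file is still inside that directory. The `resolve_image` helper, the extension table and the use of the whole query string as the file name are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Cwd qw(realpath);
use File::Spec;

# Hardcoded base directory, as in the message above.
my $IMAGE_DIR = '/home/fubar/www/images';

# Allow-list of extensions and the content type sent for each
# (assumption: the script only ever serves images).
my %TYPE_FOR = (gif => 'image/gif', jpg => 'image/jpeg',
                jpeg => 'image/jpeg', png => 'image/png');

# Returns (full_path, content_type) for an allowed request, or an empty list.
sub resolve_image {
    my ($base, $name) = @_;
    return unless defined $name;
    # One path component only: no '/', no '..', no '%' escapes, no NUL bytes.
    # Requests such as /etc/passwd or ../../etc/passwd fail this match.
    return unless $name =~ /\A[A-Za-z0-9][A-Za-z0-9_-]*\.([A-Za-z0-9]+)\z/;
    my $type = $TYPE_FOR{lc $1} or return;
    my $real_base = realpath($base) or return;
    my $real = realpath(File::Spec->catfile($real_base, $name)) or return;
    # After symlinks are resolved the file must sit directly under the base.
    return unless $real =~ /\A\Q$real_base\E\/[^\/]+\z/ && -f $real;
    return ($real, $type);
}

sub not_found {
    print "Status: 404 Not Found\r\nContent-Type: text/plain\r\n\r\nNot found\n";
    exit;
}

# CGI entry point: the whole query string is the name, e.g. fetch.pl?logo.png
unless (caller) {
    my ($file, $type) = resolve_image($IMAGE_DIR, $ENV{QUERY_STRING});
    not_found() unless $file;
    open(my $fh, '<:raw', $file) or not_found();
    binmode STDOUT;
    print "Content-Type: $type\r\n\r\n";
    local $/ = \65536;          # read in 64 KiB chunks
    print while <$fh>;
    close $fh;
}
```

The hardcoded `$path` on its own still lets a name containing `..` climb out of the directory, which is why the name pattern and the `realpath` comparison are both applied before the file is opened.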




