From: [EMAIL PROTECTED]
Operating system: Win2K
PHP version: 4.1.2
PHP Bug Type: Directory function related
Bug description: Displaying the file system
A client has posted us the following code, after being able to view to
complete filesystem on a Windows 2000 server we resell space on:
----------------------------------------------------
<?
// get directory handle
$hook = dir("c:winnt");
// display location
echo "<b>Current path is $hook->path</b><br>";
// read directory and echo list
while ($file=$hook->read())
{
if ($file != "." && $file != "..")
{
echo "$file<br>";
}
}
// close directory
$hook->close();
?>
----------------------------------------------------
Is there anyway to protect against this, and does it represent a security
flaw?
Thanks
Gary
--
Edit bug report at http://bugs.php.net/?id=15852&edit=1
--
Fixed in CVS: http://bugs.php.net/fix.php?id=15852&r=fixedcvs
Fixed in release: http://bugs.php.net/fix.php?id=15852&r=alreadyfixed
Need backtrace: http://bugs.php.net/fix.php?id=15852&r=needtrace
Try newer version: http://bugs.php.net/fix.php?id=15852&r=oldversion
Not developer issue: http://bugs.php.net/fix.php?id=15852&r=support
Expected behavior: http://bugs.php.net/fix.php?id=15852&r=notwrong
Not enough info: http://bugs.php.net/fix.php?id=15852&r=notenoughinfo
Submitted twice: http://bugs.php.net/fix.php?id=15852&r=submittedtwice
