> -----Original Message-----
> From: Fejes Jozsef [mailto:[EMAIL PROTECTED]
> Sent: 10 July 2003 12:33
>
> My method is:
> 1. check if id starts with /
> if(ereg("^\/", $id))
> goaway;

That's a rather expensive (and slightly obscure) way of performing that check. Try:

    if ($id[0]=='/')
        goaway;

> 2. check if there is .. in it
> if(ereg("\.\.", $id))
> goaway;

Likewise:

    if (strpos($id, '..')!==FALSE)
        goaway;

Cheers!
Mike
---------------------------------------------------------------------
Mike Ford, Electronic Information Services Adviser,
Learning Support Services, Learning & Information Services,
JG125, James Graham Building, Leeds Metropolitan University,
Beckett Park, LEEDS, LS6 3QS, United Kingdom
Email: [EMAIL PROTECTED]
Tel: +44 113 283 2600 extn 4730 Fax: +44 113 283 3211
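
The two checks from the reply above, combined into one function and run over a few ids, as an added example that is not part of the original message. The helper names and sample ids are constructed for illustration, and rejecting the empty string is an assumption. The loose variant is there only to show why the reply compares against FALSE with `!==`.

```php
<?php
// Added example; helper names are hypothetical, sample ids are constructed.

// Both checks from the message, keeping the strict comparison it uses.
function id_is_acceptable(string $id): bool
{
    if ($id === '') {
        // Assumption: empty ids are invalid. Also avoids reading $id[0] on ''.
        return false;
    }
    if ($id[0] === '/') {
        return false; // check 1: leading slash
    }
    return strpos($id, '..') === false; // check 2: no ".." anywhere in the id
}

// Same logic with a loose comparison, shown only for contrast.
function id_is_acceptable_loose(string $id): bool
{
    if ($id === '' || $id[0] === '/') {
        return false;
    }
    // strpos() returns int 0 for a match at offset 0, and 0 == false is true
    // in PHP, so an id that begins with ".." slips through this version.
    return strpos($id, '..') == false;
}

// Constructed sample ids.
$samples = ['news/2003/july', '/etc/passwd', '../config', 'a/../b', 'notes..txt', ''];

foreach ($samples as $id) {
    printf(
        "%-18s strict=%-7s loose=%s\n",
        var_export($id, true),
        id_is_acceptable($id) ? 'accept' : 'reject',
        id_is_acceptable_loose($id) ? 'accept' : 'reject'
    );
}
```

The two versions disagree only on `'../config'`, where the match sits at offset 0. `'notes..txt'` is rejected by both because check 2 is a substring match rather than a path-segment match.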