"Cpt John W. Holmes" wrote: > > The user can pass the name of a file on the server. If you're not doing any > checks and moving or displaying the "file" the user "sent" you, you may end > up moving, deleting, or displaying any file on your server. > > ---John Holmes...
Thanks John, but only in the case global variables are active (as Marek mentioned), right? Alexander -- PINO - The free Chatsystem! Available at http://www.pino.org -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
