Why would this be a security hole if I do not filter the file name before I
use it?

Thanks,

Aaron


"Ed Lazor" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> The other guys addressed how to get the script working, but I thought I
> might also mention that you're presenting a potential security hole in your
> app by not filtering the file name before using it.  You'll also want to use
> the realpath command on the full file name and path.
>
> > -----Original Message-----
> > $file = "/home/dlr/test/".$_GET['file']."";

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
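
The two steps named in the quoted reply (filter the file name, then run realpath on the full path), as an added example that is not code from this thread. The helper name resolve_in_base() is hypothetical, and a constructed temporary directory stands in for /home/dlr/test/ so the script runs anywhere on a POSIX system.

```php
<?php
/**
 * Return the canonical path of $name inside $baseDir, or null when the
 * request is rejected. Hypothetical helper written for this example.
 */
function resolve_in_base(string $baseDir, string $name): ?string
{
    // 1. Filter: accept only a plain file name (no separators, no NUL
    //    byte, no leading dot), so the value cannot name another directory.
    if (!preg_match('/\A[A-Za-z0-9_][A-Za-z0-9._-]{0,254}\z/', $name)) {
        return null;
    }

    // 2. Canonicalise both sides. realpath() resolves "..", "." and
    //    symlinks, and returns false when the path does not exist.
    $base = realpath($baseDir);
    $full = realpath($baseDir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $full === false) {
        return null;
    }

    // 3. Containment: the resolved path must still sit under the base.
    //    The trailing separator stops "/x/test-old" from matching "/x/test".
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($full, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return is_file($full) ? $full : null;
}

// Constructed demo tree: "$root/test" plays the role of /home/dlr/test/.
$root = sys_get_temp_dir() . '/dlr_demo_' . uniqid();
mkdir("$root/test", 0700, true);
file_put_contents("$root/test/report.txt", "ok\n");
file_put_contents("$root/secret.txt", "outside the served directory\n");
symlink("$root/secret.txt", "$root/test/link.txt"); // link leaving the base

// Constructed request values. The thread's line would concatenate each one
// onto the base directory and use the result without any check.
foreach (['report.txt', '../secret.txt', 'link.txt', 'missing.txt'] as $requested) {
    $path = resolve_in_base("$root/test", $requested);
    printf("%-14s => %s\n", $requested, $path ?? 'rejected');
}
```

Only report.txt resolves; link.txt passes the name filter but is rejected by the realpath containment check, which is why the reply asks for both steps.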
