> <snip>
> file.php?file=inc.foobar.php
> -------------------------
> include("include/$file");
> </snip>That doesn't fix anything... file.php?file=../../../etc/passwd Just a matter of a few tries to see how many directories you have to go up... ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
