Hi, I'm planning on using userinput as a part of path to read (horrific I know :) So to make this userinput a bit more secure I'm thinking to use $path = escapeshellarg($path); $path = str_replace("../","",$path);
I'm thinking to use a basedir in a constant something like /usr/home/userdir (this also being set in php.ini) then add the userinput and then append that to the constant and then use opendir() on it. I want to avoid people putting in nice little strings like ../../../etc/ Any other pointers? / Jim Security is a state of mind not a sales arguement! *** Secret behind flying= Throw yourself at the ground and miss :-) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php