Use: http://us2.php.net/manual/en/configuration.php#ini.open-basedir
It's also a good idea to always validate the data that comes from the user, especially when dealing with file related functions. Randy -----Original Message----- From: daniel [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 23, 2002 9:22 AM To: [EMAIL PROTECTED] Subject: [PHP] opendir security hole hi i am creating a webbased filemanager for uploading files to the database, to determin which dir i upload to i have the directory in the query string ie ?dir=blah , i have found a security flaw where if you type dir=../../../../ it will show you the root dir of the server , how can i lock into a directory when using opendir ? please let me know thanks -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php