[PHP] Includes.

Mentor · 19-06-2007, 07:22 PM

Originally Posted by Invent

Yes, but I thought incase for some odd reason they may want to protect files from another folder being accessed.

Because with your script the user could do ?page=../../page.php

Not sure why you need to block it but yeah

What your suggestion wouldnt work since the dir is hard coded. ?page=../../page would be opening

pagesfolder/../../page.php, and to my knowlage the ../../ doesn't work unless its at the beginning to the directory name?

Although it does allow you to open a subdirectry within your pages directory should you want to.

Invent · 19-06-2007, 07:27 PM

pagesfolder/../../page.php would open the file page.php 2 folders below pagesfolder I'm pretty sure.

Ini · 19-06-2007, 07:27 PM

Erm.. Isn't this going a bit of topic lol.

Mentor · 19-06-2007, 07:38 PM

Originally Posted by Invent

pagesfolder/../../page.php would open the file page.php 2 folders below pagesfolder I'm pretty sure.

Just created a test script in my testing server. I want able to get it to open a page outside the dir by adding in ../../ "/

* scratch that, yes i was. Dang. Could make it work by createing a custom page extention though, which wouldnt be used outside the dir

(or just filtering../../

Invent · 19-06-2007, 08:00 PM

just filter "." it's not needed whatsoever

Thread: [PHP] Includes.

Thread Tools

Posting Permissions