On Fri, 10 Oct 2003 13:09:16 -0400, Scott Fletcher <[EMAIL PROTECTED]> wrote:

Hi Fellas!

Did anyone have success with making the required function work if using
this sample code.  It didn't work for me.

--snip--
require("$_REQUEST['PDF_LIB_PATH']");
--snip--

When you access an array inside of a string you half to tell php that it is a variable by enclosing it with curly brackets:

require("{$_REQUEST['PDF_LIB_PATH']}");


Now the question is, what happens if I access your site like so:


http://yoursite.com/yourfile.php?PDF_LIB_PATH=%2fetc%2fpasswd


Always verify your data that is passed in by the user, you might want to read:

http://php.net/manual/en/security.filesystem.php

HTH,

Curt
--

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Reply via email to