Hi Fellas!
Did anyone have success with making the required function work if using this sample code. It didn't work for me.
--snip-- require("$_REQUEST['PDF_LIB_PATH']"); --snip--
When you access an array inside of a string you half to tell php that it is a variable by enclosing it with curly brackets:
require("{$_REQUEST['PDF_LIB_PATH']}");
Now the question is, what happens if I access your site like so:
http://yoursite.com/yourfile.php?PDF_LIB_PATH=%2fetc%2fpasswd
Always verify your data that is passed in by the user, you might want to read:
http://php.net/manual/en/security.filesystem.php
HTH,
Curt --
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
