Hi,
Saturday, October 11, 2003, 3:33:05 AM, you wrote:
CZ> On Fri, 10 Oct 2003 13:09:16 -0400, Scott Fletcher <[EMAIL PROTECTED]> wrote:
>> Hi Fellas!
>>
>> Did anyone have success with making the required function work if using
>> this sample code. It didn't work for me.
>>
>> --snip--
>> require("$_REQUEST['PDF_LIB_PATH']");
>> --snip--
CZ> When you access an array inside of a string you half to tell php that it
CZ> is a variable by enclosing it with curly brackets:
CZ> require("{$_REQUEST['PDF_LIB_PATH']}");
CZ> Now the question is, what happens if I access your site like so:
CZ> http://yoursite.com/yourfile.php?PDF_LIB_PATH=%2fetc%2fpasswd
CZ> Always verify your data that is passed in by the user, you might
CZ> want to read:
CZ> http://php.net/manual/en/security.filesystem.php
CZ> HTH,
CZ> Curt
CZ> --
Or drop the quotes they are not needed if there are only variables involved
--
regards,
Tom
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
