Thanks...
"Tom Rogers" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Hi,
>
> Saturday, October 11, 2003, 3:33:05 AM, you wrote:
> CZ> On Fri, 10 Oct 2003 13:09:16 -0400, Scott Fletcher <[EMAIL PROTECTED]> wrote:
>
> >> Hi Fellas!
> >>
> >> Did anyone have success with making the required function work if using
> >> this sample code.  It didn't work for me.
> >>
> >> --snip--
> >> require("$_REQUEST['PDF_LIB_PATH']");
> >> --snip--
>
> CZ> When you access an array inside of a string you have to tell PHP that it
> CZ> is a variable by enclosing it with curly brackets:
>
> CZ>   require("{$_REQUEST['PDF_LIB_PATH']}");
>
>
> CZ> Now the question is, what happens if I access your site like so:
>
> CZ>   http://yoursite.com/yourfile.php?PDF_LIB_PATH=%2fetc%2fpasswd
>
>
> CZ> Always verify your data that is passed in by the user, you might
> CZ> want to read:
>
> CZ>   http://php.net/manual/en/security.filesystem.php
>
> CZ> HTH,
>
> CZ> Curt
> CZ> --
>
>
> Or drop the quotes they are not needed if there are only variables involved
>
> -- 
> regards,
> Tom

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
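
The advice in the thread to verify user-supplied data before it reaches `require`, as an added example that is not part of the original messages: the request value is used only as a lookup key into a fixed allowlist, and the resolved path is checked to still sit under the library directory. The names `LIB_DIR`, `ALLOWED_LIBS`, `resolve_lib_path`, the `PDF_LIB` parameter and the library file names are assumptions made for illustration.

```php
<?php
// Added example: never pass request data to require(); map it to a known file.

// Hypothetical base directory and library table (assumptions, not from the thread).
const LIB_DIR = __DIR__ . '/lib';
const ALLOWED_LIBS = [
    'fpdf'  => 'fpdf/fpdf.php',
    'ezpdf' => 'ezpdf/class.ezpdf.php',
];

/**
 * Return the canonical path of an allowlisted library, or null if the key
 * is unknown, the file is missing, or the path resolves outside $baseDir.
 */
function resolve_lib_path(string $key, string $baseDir = LIB_DIR, array $allowed = ALLOWED_LIBS): ?string
{
    // 1. The user-controlled value is only ever a lookup key, never a path.
    if (!array_key_exists($key, $allowed)) {
        return null;
    }

    // 2. Canonicalise both paths; realpath() returns false for missing files
    //    and resolves symlinks and ".." segments.
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . $allowed[$key]);
    if ($base === false || $path === false) {
        return null;
    }

    // 3. Containment check: the resolved file must still be under the base
    //    directory (guards against a symlink pointing elsewhere).
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// A request parameter can be an array (?PDF_LIB[]=x), so check the type first.
$key = $_REQUEST['PDF_LIB'] ?? '';
$libPath = is_string($key) ? resolve_lib_path($key) : null;

if ($libPath === null) {
    http_response_code(400);
    exit('Unknown library');
}
require $libPath;
```

With this in place a request such as the `PDF_LIB_PATH=%2fetc%2fpasswd` one quoted above is rejected at step 1, because the value is not a key in the table.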
