Sarcasm aside, I do have the script set up (although I didn't note so in the
last response) to not accept files with '.' or '..' in the path. The URL can
accept directories within the one the PHP script is in, but not in a
different path or any directory above its own (i.e., the server files).

-- 
Kyrie Eleison,
Rick
www.spiritsword.com/phpBB2/


John W. Holmes wrote:
>> I have a page set up that loads the contents of a text file into an
>> HTML template using PHP. (i.e. something.com/page.php?include=1
>> where "1" is a simple no-extension text file in the same directory as
>> page.php). Is there a way to modify the PHP code in the template page
>> to search for the included page in another directory? Right now, the
>> only way to do it is to have the URL as "page.php?include=files/1".
>>
>> Currently, here is the code I use to take the $include URL variable
>> and make the file accessible in the template:
>>
>> $info = file($include);
>
> Can I get the URL to your server, please, so I can pull up
> page.php?include=/etc/passwd ?? Thanks, I would really appreciate
> that.
>
> But seriously, I really hope you are validating what $include is.
>
> If you want the file to be included from a different directory, then
> you have to pass some flag/variable to PHP to tell it where to look.
> If you always want it to be in the same dir, then use
>
> $info = file('files/' . $include);
>
> ---John Holmes...



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
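
The validation this thread is discussing, as an added example that is not code from either poster: instead of filtering the string for '.' or '..', resolve the requested name under a fixed base directory and check that the canonical path is still inside it. The function name `resolve_include`, the temporary directory layout and the sample request values are assumptions made for illustration.

```php
<?php
// Added example: vet the ?include= value before handing it to file().
// resolve_include() is a hypothetical helper, not from the thread.
function resolve_include(string $baseDir, string $name): ?string
{
    // Reject empty names and NUL bytes outright.
    if ($name === '' || strpos($name, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() canonicalises '.', '..' and symlinks; false if missing.
    $path = realpath($base . DIRECTORY_SEPARATOR . $name);
    if ($path === false || !is_file($path)) {
        return null;
    }
    // Containment check on the canonical path, with a trailing separator
    // so that a sibling such as "files_old" does not pass as "files".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// Constructed sandbox so the example runs offline.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'inc_demo_' . getmypid();
mkdir($root . '/files/sub', 0700, true);
file_put_contents($root . '/files/1', "page one\n");
file_put_contents($root . '/files/sub/2', "page two\n");
file_put_contents($root . '/secret', "not for the template\n");

// Constructed request values for ?include=
$requests = ['1', 'sub/2', '../secret', '/etc/passwd', 'sub/../../secret', 'missing'];
foreach ($requests as $include) {
    $path = resolve_include($root . '/files', $include);
    printf("%-18s => %s\n", $include, $path === null ? 'rejected' : 'ok');
    if ($path !== null) {
        $info = file($path);   // same call as in the thread, on a vetted path
    }
}
```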
