[thelist] style switcher in php?
Lachlan Cannon
luminosity at members.evolt.org
Fri Oct 25 20:36:00 CDT 2002
Geoff Sheridan wrote:
> I wrote one - it's very simple but it may be helpful:
> Yeah, and I *still* haven't got round to doing a webpage about it.
> It doesn't suffer the security problems pointed out about the list
> apart script - but then they were easily fixed. Mine avoids them by
> hardwiring most of the path so:
> /css/<?=$variable?>.css
> The user-submitted $variable can only reference a file in /css and
> only a file ending with .css
>
> If anyone notes any security flaws in my very simple script, I'd be
> glad to hear them.
What happens if the user submitted variable is
"../../../passwordfile.whatever?"
--
Lach
__________________________________________
Web: http://illuminosity.net/
E-mail: lach @ illuminosity.net
MSN: luminosity @ members.evolt.org
__________________________________________
More information about the thelist
mailing list