[thelist] style switcher in php?

David U. davidu at everydns.net
Sat Oct 26 09:31:01 CDT 2002


Geoff Sheridan wrote:
> So it's safe to use my script then.
> Right?

Looks okay to me.

If you want to be real safe you could use the basename() function just in
case it is a path or you could use a preg_replace to check for any /'s or
..'s

-davidu

>
> At 12:00 am +1000 27/10/02, Lachlan Cannon wrote:
>> I don't see how this is any different, apart from requiring one more
>> level of .. than the other, and as long as the ? works like I'd
>> think it would, but then I realised it'd be a pointless hack anyway,
>> since the user's browser would try querying the webserver for the
>> file, and the web server would deny it. Now if the $user_value was
>> being included, that'd be different.
>> --
>> Lach





More information about the thelist mailing list