[thelist] style switcher in php?

Merlene Paynter Blacha merlene_blacha at sympatico.ca
Sat Oct 26 09:38:01 CDT 2002


I'm not trying to protect the "Caramilk Secret" so for me this works
just fine. No user ids or passwords to deal with.

Thanks Geoff!

Merlene

-----Original Message-----
From: thelist-admin at lists.evolt.org
[mailto:thelist-admin at lists.evolt.org] On Behalf Of David U.
Sent: Saturday, October 26, 2002 10:31 AM
To: thelist at lists.evolt.org
Subject: Re: [thelist] style switcher in php?

Geoff Sheridan wrote:
> So it's safe to use my script then.
> Right?

Looks okay to me.

If you want to be real safe you could use the basename() function just
in
case it is a path or you could use a preg_replace to check for any /'s
or
..'s

-davidu

>
> At 12:00 am +1000 27/10/02, Lachlan Cannon wrote:
>> I don't see how this is any different, apart from requiring one more
>> level of .. than the other, and as long as the ? works like I'd
>> think it would, but then I realised it'd be a pointless hack anyway,
>> since the user's browser would try querying the webserver for the
>> file, and the web server would deny it. Now if the $user_value was
>> being included, that'd be different.
>> --
>> Lach


--
For unsubscribe and other options, including
the Tip Harvester and archive of thelist go to:
http://lists.evolt.org Workers of the Web, evolt !





More information about the thelist mailing list