[thelist] url specific session problem

elin tjerngren. artopod elin at artopod.se
Wed Sep 17 11:30:36 CDT 2003

Hi Simon,

> This is unrelated to your problem, but does that URL mean that somewhere in
> your script you're doing this?
> include($_GET['page']);
> If so, you've got a HUGE security problem. 
Yeah, it's stupid. Hmm - my fix to that was this,

if ($_GET['page']) {

The $page is then checked to be a real file, and the actual catalogues on 
the server have .htaccess files with permission denied for all.

I think that might do it?

(Actually mod_rewrite is now up and running on the server so I might use 
it in the future)


/Elin, http://artopod.com
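
An added example, not code from this thread: one way to map `$_GET['page']` to an include path, combining the "is it a real file" check with a strict name pattern and a check that the resolved path stays inside one pages directory. The function name `resolvePage`, the `pages/` layout and the sample inputs are assumptions constructed for illustration.

```php
<?php
// Added example: resolve a requested page name to a file inside one directory.
// resolvePage() and the directory layout are hypothetical, not from the post.

function resolvePage(string $baseDir, $requested): ?string
{
    // Reject arrays (?page[]=x) and anything that is not a short plain name.
    if (!is_string($requested) || !preg_match('/\A[a-z0-9_-]{1,64}\z/i', $requested)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $requested . '.php');
    if ($base === false || $path === false) {
        return null; // not a real file
    }
    // A real file is not enough: it must also live under the pages directory.
    // realpath() has already resolved symlinks and ".." segments.
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return is_file($path) ? $path : null;
}

// Constructed sample layout in a temp directory so the script runs offline.
$root = sys_get_temp_dir() . '/pages_demo_' . getmypid();
mkdir("$root/pages", 0700, true);
file_put_contents("$root/pages/about.php", "<?php echo 'about page';");
file_put_contents("$root/config.php", "<?php // outside the pages directory");

// Constructed inputs standing in for $_GET['page'].
$samples = ['about', 'missing', '../config', 'http://example.invalid/x', ['about']];
foreach ($samples as $input) {
    $file = resolvePage("$root/pages", $input);
    $shown = json_encode($input, JSON_UNESCAPED_SLASHES);
    printf("%-28s => %s\n", $shown, $file === null ? 'rejected' : 'include ' . basename($file));
}

// Remove the constructed files again.
unlink("$root/pages/about.php");
unlink("$root/config.php");
rmdir("$root/pages");
rmdir($root);
```

Only the returned path is ever passed to `include`; the raw request value never is.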
