I'm not trying to protect the "Caramilk Secret" so for me this works just fine. No user ids or passwords to deal with. Thanks Geoff! Merlene -----Original Message----- From: thelist-admin at lists.evolt.org [mailto:thelist-admin at lists.evolt.org] On Behalf Of David U. Sent: Saturday, October 26, 2002 10:31 AM To: thelist at lists.evolt.org Subject: Re: [thelist] style switcher in php? Geoff Sheridan wrote: > So it's safe to use my script then. > Right? Looks okay to me. If you want to be real safe you could use the basename() function just in case it is a path or you could use a preg_replace to check for any /'s or ..'s -davidu > > At 12:00 am +1000 27/10/02, Lachlan Cannon wrote: >> I don't see how this is any different, apart from requiring one more >> level of .. than the other, and as long as the ? works like I'd >> think it would, but then I realised it'd be a pointless hack anyway, >> since the user's browser would try querying the webserver for the >> file, and the web server would deny it. Now if the $user_value was >> being included, that'd be different. >> -- >> Lach -- For unsubscribe and other options, including the Tip Harvester and archive of thelist go to: http://lists.evolt.org Workers of the Web, evolt !