Date: Wed, 23 Mar 2011 17:14:56 +0000 From: Paul Macdonald <paul@ifdnrg.com> To: Gary Kline <kline@thought.org> Cc: FreeBSD Mailing List <freebsd-questions@freebsd.org> Subject: Re: why does this simple counter fail? Message-ID: <4D8A2A90.4040407@ifdnrg.com> In-Reply-To: <20110323164504.GA25317@thought.org> References: <20110323164504.GA25317@thought.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 23/03/2011 16:45, Gary Kline wrote: > Guys, > > Can any of you php hackers tell me why this simple self-hacked > counter bomb? > > appended. > > tia. $file doesn't look to be set anywhere if its a web script ( as opposed to cmd line cli) tyhen its probably passed as a POST or GET variable., register_globals needs to be on for this variable to be auto set, if the form is submitted via POST, change script to: $directory="./countdir/"; $file=$_POST['file']; .... if the form is submitted via GET (you'd see the file=variable in the address bar), change script to: $directory="./countdir/"; $file=$_GET['file']; .... Of course you want to sanitise this $file variable so that it can't be hacked. -- ------------------------- Paul Macdonald IFDNRG Ltd Web and video hosting ------------------------- t: 0131 5548070 m: 07534206249 e: paul@ifdnrg.com w: http://www.ifdnrg.com ------------------------- IFDNRG 40 Maritime Street Edinburgh EH6 6SA -------------------------
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4D8A2A90.4040407>