Date: Wed, 23 Mar 2011 12:17:45 -0500
From: Ryan Coleman <editor@d3photography.com>
To: Paul Macdonald <paul@ifdnrg.com>
Cc: Gary Kline <kline@thought.org>, FreeBSD Mailing List <freebsd-questions@freebsd.org>
Subject: Re: why does this simple counter fail?
Message-ID: <8D24A40B-A76B-4753-9616-6CC57A597CDC@d3photography.com>
In-Reply-To: <4D8A2A90.4040407@ifdnrg.com>
References: <20110323164504.GA25317@thought.org> <4D8A2A90.4040407@ifdnrg.com>
On Mar 23, 2011, at 12:14 PM, Paul Macdonald wrote:

> On 23/03/2011 16:45, Gary Kline wrote:
>> Guys,
>>
>> Can any of you php hackers tell me why this simple self-hacked
>> counter bomb?
>>
>> appended.
>>
>> tia.
>
> $file doesn't look to be set anywhere
>
> if it's a web script (as opposed to cmd line cli) then it's probably passed as a POST or GET variable.
>
> register_globals needs to be on for this variable to be auto set,
>
> if the form is submitted via POST, change script to:
>
> $directory="./countdir/";
> $file=$_POST['file'];
> ....
>
> if the form is submitted via GET (you'd see the file=variable in the address bar), change script to:
>
> $directory="./countdir/";
> $file=$_GET['file'];
> ....
>
> Of course you want to sanitise this $file variable so that it can't be hacked.

Additionally you could do:

$file = $_SERVER['PHP_SELF'];

Which will tie the filename to the actual PHP file. But you might want to do something like...

$file = urlencode($_SERVER['REQUEST_URI']).".txt";

to make it the full url, safe vars for file names and add .txt to make it readable in other things not FreeBSD.
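The two suggestions in this thread (take the counter name from a POST/GET field, or derive it from the requested page) both come down to the same point: the request-supplied value must be validated before it becomes part of a filesystem path. The script below is an added example, not code from Gary, Paul or Ryan; it assumes a `./countdir/` directory next to the script and a request parameter named `file` as in the quoted reply, and the function names are illustrative. It allowlists the counter name, double-checks that the resolved path stays inside the counter directory, and increments the file under an exclusive lock so concurrent hits do not lose updates.

```php
<?php
// Added example (not from the original thread): a hit counter that keeps a
// per-page count file under ./countdir/ without trusting a raw $file value
// from $_GET/$_POST. Directory and parameter names are assumptions.

const COUNT_DIR = __DIR__ . '/countdir';

// Accept only a short, plain identifier for the counter name. Slashes, dots
// and other characters are refused, so "../"-style values never reach the
// filesystem layer.
function counter_name_from_request(array $params): ?string
{
    $name = $params['file'] ?? '';
    if (!is_string($name) || !preg_match('/^[A-Za-z0-9_-]{1,64}$/', $name)) {
        return null;
    }
    return $name;
}

// Alternative from the thread: key the counter on the requested page rather
// than on a form field. Only the basename of the URI path is used, and it
// must pass the same allowlist as a form-supplied name.
function counter_name_from_uri(string $request_uri): ?string
{
    $path = parse_url($request_uri, PHP_URL_PATH);
    if (!is_string($path)) {
        return null;
    }
    $base = pathinfo($path, PATHINFO_FILENAME); // "index" for "/dir/index.php"
    return preg_match('/^[A-Za-z0-9_-]{1,64}$/', $base) ? $base : null;
}

// Build the counter file path and verify its parent resolves to COUNT_DIR
// (defence in depth on top of the regex; realpath() also resolves symlinks).
function counter_path(string $name): ?string
{
    $dir = realpath(COUNT_DIR);
    if ($dir === false) {
        return null;
    }
    $path = $dir . DIRECTORY_SEPARATOR . $name . '.txt';
    // realpath() fails for a file that does not exist yet, so check the parent.
    if (realpath(dirname($path)) !== $dir) {
        return null;
    }
    return $path;
}

// Read, increment and write the count under an exclusive lock so two
// simultaneous requests cannot both read N and both write N+1.
function bump_counter(string $path): int
{
    $fh = fopen($path, 'c+'); // create if missing, do not truncate
    if ($fh === false) {
        throw new RuntimeException('cannot open counter file');
    }
    try {
        if (!flock($fh, LOCK_EX)) {
            throw new RuntimeException('cannot lock counter file');
        }
        $count = (int) trim((string) stream_get_contents($fh)) + 1;
        rewind($fh);
        ftruncate($fh, 0);
        fwrite($fh, (string) $count);
        fflush($fh);
        flock($fh, LOCK_UN);
    } finally {
        fclose($fh);
    }
    return $count;
}

// Usage: prefer a form field if one was sent, otherwise fall back to the
// requested page; in both cases only a validated name reaches counter_path().
$name = counter_name_from_request($_GET + $_POST)
    ?? counter_name_from_uri($_SERVER['REQUEST_URI'] ?? '/');
if ($name === null) {
    http_response_code(400);
    exit('bad counter name');
}
$path = counter_path($name);
if ($path === null) {
    http_response_code(500);
    exit('counter directory missing');
}
echo bump_counter($path);
```

The regex allowlist is the check that actually matters; the `realpath()` comparison only guards against a mistake in the allowlist or a symlink inside `countdir/`. Note that `urlencode()` on `REQUEST_URI`, as suggested above, makes a value safe to use as a single path component (it percent-encodes `/` and `.`), but it still lets a caller create an unbounded number of counter files by varying the query string, which is why this example keys on the path basename instead.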