Date:      Wed, 23 Mar 2011 12:17:45 -0500
From:      Ryan Coleman <editor@d3photography.com>
To:        Paul Macdonald <paul@ifdnrg.com>
Cc:        Gary Kline <kline@thought.org>, FreeBSD Mailing List <freebsd-questions@freebsd.org>
Subject:   Re: why does this simple counter fail?
Message-ID:  <8D24A40B-A76B-4753-9616-6CC57A597CDC@d3photography.com>
In-Reply-To: <4D8A2A90.4040407@ifdnrg.com>
References:  <20110323164504.GA25317@thought.org> <4D8A2A90.4040407@ifdnrg.com>

On Mar 23, 2011, at 12:14 PM, Paul Macdonald wrote:

> On 23/03/2011 16:45, Gary Kline wrote:
>> 	Guys,
>> 
>> 	Can any of you php hackers tell me why this simple self-hacked
>> 	counter bombs?
>> 
>> 	appended.
>> 
>> 	tia.
> $file doesn't look to be set anywhere
> 
> if it's a web script (as opposed to a cmd-line CLI) then it's probably passed as a POST or GET variable.
> 
> register_globals needs to be on for this variable to be auto set,
> 
> if the form is submitted via POST,  change script to:
> 
> $directory="./countdir/";
> $file=$_POST['file'];
> ....
> 
> if the form is submitted via GET (you'd see the file=variable in the address bar),  change script to:
> 
> $directory="./countdir/";
> $file=$_GET['file'];
> ....
> 
> Of course you want to sanitise this $file variable so that it can't be hacked.

Additionally you could do:

$file = $_SERVER['PHP_SELF'];

Which will tie the filename to the actual PHP file.

But you might want to do something like...

$file = urlencode($_SERVER['REQUEST_URI']).".txt";

to make it the full URL, with file-name-safe characters, and add .txt to make it readable in other things than FreeBSD.

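As an added example (not code from the thread or from any of the posters), here is a version of the counter that addresses both points raised above: $file is never set because register_globals is off, and whatever value is used must be sanitised so it cannot be used to read or write outside the counter directory. It assumes the counter files live in ./countdir/ and that the form passes the counter name in a GET parameter named "file", as in Paul's reply; it falls back to the script's own name, as Ryan suggests, when no valid name is supplied. The function names and the ".txt" suffix are illustrative.

```php
<?php
// Added example, not the original counter. Assumes ./countdir/ next to this
// script and a GET parameter "file" naming the counter (constructed setup).

declare(strict_types=1);

$directory = __DIR__ . '/countdir/';

/**
 * Return a safe counter name, or null if the request value is unacceptable.
 *
 * The raw value of $_GET['file'] must never be used directly in a path: a
 * value containing "../" or a null byte would make the script open a file
 * outside $directory. Rather than trying to strip bad characters out, accept
 * only a short allow-listed character set and reject everything else.
 */
function safe_counter_name(?string $raw): ?string
{
    if ($raw === null) {
        return null;
    }
    // Letters, digits, underscore and hyphen only; 1..64 characters.
    if (!preg_match('/^[A-Za-z0-9_-]{1,64}$/', $raw)) {
        return null;
    }
    return $raw;
}

/**
 * The alternative Ryan mentions: derive the name from the script itself
 * instead of from user input. basename() drops any directory part and the
 * same allow-list is applied so an odd script name cannot smuggle characters.
 */
function counter_name_from_script(string $phpSelf): ?string
{
    $base = pathinfo(basename($phpSelf), PATHINFO_FILENAME);
    return safe_counter_name($base);
}

/**
 * Increment the counter stored in $directory/$name.txt and return the new
 * value. flock() serialises concurrent hits so two requests do not both read
 * 5 and both write 6. $name is expected to have passed safe_counter_name().
 */
function bump_counter(string $directory, string $name): int
{
    $dir = realpath($directory);
    if ($dir === false || !is_dir($dir)) {
        throw new RuntimeException('countdir missing');
    }
    $path = $dir . DIRECTORY_SEPARATOR . $name . '.txt';

    $fh = fopen($path, 'c+');          // create if missing, never truncate
    if ($fh === false) {
        throw new RuntimeException('cannot open counter file');
    }
    try {
        if (!flock($fh, LOCK_EX)) {
            throw new RuntimeException('cannot lock counter file');
        }
        $count = (int) trim((string) stream_get_contents($fh)) + 1;
        rewind($fh);
        ftruncate($fh, 0);
        fwrite($fh, $count . "\n");
        fflush($fh);
        flock($fh, LOCK_UN);
    } finally {
        fclose($fh);
    }
    return $count;
}

// Prefer the request's name when present and valid; otherwise fall back to
// the script's own name.
$name = safe_counter_name($_GET['file'] ?? null)
     ?? counter_name_from_script($_SERVER['PHP_SELF'] ?? 'index.php');

if ($name === null) {
    http_response_code(400);
    exit("bad counter name\n");
}

header('Content-Type: text/plain');
echo bump_counter($directory, $name), "\n";
```

The allow-list is the actual defence here: because the name can only contain letters, digits, underscore and hyphen, no value of the GET parameter can resolve to a path outside countdir, so there is nothing to "un-hack" after the fact. Rejecting with a 400 rather than silently cleaning the value also makes attempts to tamper with the parameter visible in the web server's access log.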

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?8D24A40B-A76B-4753-9616-6CC57A597CDC>