Date: Wed, 23 Mar 2011 12:17:45 -0500 From: Ryan Coleman <editor@d3photography.com> To: Paul Macdonald <paul@ifdnrg.com> Cc: Gary Kline <kline@thought.org>, FreeBSD Mailing List <freebsd-questions@freebsd.org> Subject: Re: why does this simple counter fail? Message-ID: <8D24A40B-A76B-4753-9616-6CC57A597CDC@d3photography.com> In-Reply-To: <4D8A2A90.4040407@ifdnrg.com> References: <20110323164504.GA25317@thought.org> <4D8A2A90.4040407@ifdnrg.com>
On Mar 23, 2011, at 12:14 PM, Paul Macdonald wrote:

> On 23/03/2011 16:45, Gary Kline wrote:
>> Guys,
>>
>> Can any of you php hackers tell me why this simple self-hacked
>> counter bombs?
>>
>> appended.
>>
>> tia.
>
> $file doesn't look to be set anywhere
>
> if it's a web script (as opposed to cmd line cli) then it's probably passed as a POST or GET variable.
>
> register_globals needs to be on for this variable to be auto set,
>
> if the form is submitted via POST, change script to:
>
> $directory="./countdir/";
> $file=$_POST['file'];
> ....
>
> if the form is submitted via GET (you'd see the file=variable in the address bar), change script to:
>
> $directory="./countdir/";
> $file=$_GET['file'];
> ....
>
> Of course you want to sanitise this $file variable so that it can't be hacked.

Additionally you could do:

$file = $_SERVER['PHP_SELF'];

Which will tie the filename to the actual PHP file.

But you might want to do something like...

$file = urlencode($_SERVER['REQUEST_URI']).".txt";

to make it the full URL, safe vars for file names and add .txt to make it readable in other things not FreeBSD.
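The thread's point is that a counter whose file name comes from the request (via register_globals, $_POST or $_GET) selects an arbitrary file unless the value is sanitised. The following is an added example, not Gary Kline's script and not the code Paul or Ryan posted: it assumes a GET form with a "file" parameter and the ./countdir/ layout from the thread, whitelists the name with a strict pattern, double-checks that the resolved path stays inside the directory, and updates the count under a file lock. The fallback name is derived from PHP_SELF as Ryan suggests, but passed through the same normalisation rather than used verbatim.

```php
<?php
// Added example (not the script or suggestions from the thread verbatim):
// a hit counter that takes the counter name from the request but refuses
// anything that could escape ./countdir/. Assumes a GET form with a "file"
// parameter; the directory name follows the thread.

declare(strict_types=1);

$directory = __DIR__ . '/countdir/';

// Unsafe pattern discussed in the thread: $file comes straight from the request.
// With register_globals, or $_GET['file'] used as-is, a value containing "/" or
// ".." selects a file outside countdir.
// $file = $_GET['file'];          // do NOT use unvalidated

function counter_name_from_request(array $params, string $fallback): string
{
    // Accept only a short, plain identifier: letters, digits, dash, underscore.
    // This rejects "/", "..", NUL bytes and anything else a path could abuse.
    $name = $params['file'] ?? $fallback;
    if (!is_string($name) || !preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name)) {
        return $fallback;
    }
    return $name;
}

function bump_counter(string $directory, string $name): int
{
    $path = $directory . $name . '.txt';

    // Second line of defence: the resolved parent must still be $directory.
    // realpath() on a not-yet-created file returns false, so check its parent.
    $dirReal = realpath($directory);
    if ($dirReal === false) {
        throw new RuntimeException('counter directory missing');
    }
    if (realpath(dirname($path)) !== $dirReal) {
        throw new RuntimeException('counter path escapes directory');
    }

    // Read-increment-write under an exclusive lock so concurrent hits do not lose counts.
    // 'c+' creates the file if absent and does not truncate it on open.
    $fh = fopen($path, 'c+');
    if ($fh === false) {
        throw new RuntimeException('cannot open counter');
    }
    try {
        if (!flock($fh, LOCK_EX)) {
            throw new RuntimeException('cannot lock counter');
        }
        $count = (int) stream_get_contents($fh) + 1;
        rewind($fh);
        ftruncate($fh, 0);
        fwrite($fh, (string) $count);
        fflush($fh);
        flock($fh, LOCK_UN);
    } finally {
        fclose($fh);
    }
    return $count;
}

// Fallback name from the requesting script (PHP_SELF), normalised to the
// same character set instead of being trusted verbatim.
$fallback = preg_replace('/[^A-Za-z0-9_-]/', '_', basename($_SERVER['PHP_SELF'] ?? 'index'));
$name = counter_name_from_request($_GET, $fallback);
echo bump_counter($directory, $name);
```

Requests such as ?file=../../etc/passwd or ?file=foo/bar fail the pattern and fall back to the per-page counter; a request with no parameter gets the same fallback, so the script never needs register_globals. The realpath check is belt-and-braces: the whitelist already excludes separators, but keeping both means a later loosening of the pattern does not silently reopen the hole.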
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?8D24A40B-A76B-4753-9616-6CC57A597CDC>
