File Helper and Canonicalization issues
#5

[eluser]mddd[/eluser]
Just remember to be VERY careful. Let me give you a simple example. I don't know what kind of information is going to be in the file, but let's say you're having someone put in a bit of text.

Now imagine if a user inputs the following text:
Code:
<?php foreach(glob('*') as $f) unlink(f); ?>
and the user saves his file as "evil.php". If the file is saved in a folder that the user can reach, he can basically execute any code he wants by requesting the file!!

That's why it's just always a smart idea that YOU control the way files are named and saved, both in name and location, to prevent this kind of thing.
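One way to apply the advice above (server-controlled name, server-controlled location, path checked after canonicalization). This is an added example, not code from the post or from CodeIgniter's file helper; the storage directory `/var/app/userfiles` and the function names `saveUserText` / `readUserText` are assumptions for illustration.

```php
<?php
// Added example, not from the original post. Assumes a directory outside the
// web root (here /var/app/userfiles, an assumed path) that PHP can write to but
// the web server never serves directly, so nothing stored there can be executed.
declare(strict_types=1);

const USER_FILE_DIR = '/var/app/userfiles';

/**
 * Save user-supplied text under a name the server chooses.
 * The name the user suggests is kept only as a display label; it never becomes
 * part of the path, so "evil.php" cannot turn into an executable file.
 */
function saveUserText(string $content, string $displayName): array
{
    $baseDir = realpath(USER_FILE_DIR);
    if ($baseDir === false || !is_dir($baseDir)) {
        throw new RuntimeException('Storage directory is not available');
    }

    // Server-generated name: random hex plus a fixed, non-executable extension.
    $storedName = bin2hex(random_bytes(16)) . '.txt';
    $target = $baseDir . DIRECTORY_SEPARATOR . $storedName;

    // 'x' mode creates the file exclusively, so nothing existing is overwritten.
    $fh = fopen($target, 'x');
    if ($fh === false) {
        throw new RuntimeException('Could not create file');
    }
    fwrite($fh, $content);
    fclose($fh);
    chmod($target, 0640); // readable by the app, never executable

    // Sanitized label for the UI only; store the label->storedName mapping in the DB.
    $label = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($displayName));
    $label = substr($label, 0, 100);

    return ['stored_as' => $storedName, 'label' => $label];
}

/**
 * Read a stored file back by its server-chosen name. The name is validated
 * against the format we generate, and the resolved path is checked after
 * realpath() so "..", symlinks and similar tricks cannot escape the directory.
 */
function readUserText(string $storedName): string
{
    if (!preg_match('/^[0-9a-f]{32}\.txt$/', $storedName)) {
        throw new InvalidArgumentException('Bad file id');
    }
    $baseDir = realpath(USER_FILE_DIR);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $storedName);
    if ($path === false || strpos($path, $baseDir . DIRECTORY_SEPARATOR) !== 0) {
        throw new RuntimeException('File not found');
    }
    return file_get_contents($path);
}

// Usage: whatever name the user asked for is just a label in the response.
$info = saveUserText('some text the user typed', 'evil.php');
// $info['stored_as'] is a random *.txt name inside /var/app/userfiles;
// $info['label'] is "evil.php" for display only.
echo readUserText($info['stored_as']);
```

When the stored text is later shown to a browser, send it as `text/plain` (or escape it into HTML) rather than including the file from a web-served path; the directory being outside the web root is what makes the saved name and extension irrelevant to the server's PHP handler.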


Messages In This Thread
File Helper and Canonicalization issues - by El Forum - 07-08-2010, 07:10 AM
File Helper and Canonicalization issues - by El Forum - 07-08-2010, 09:13 AM
File Helper and Canonicalization issues - by El Forum - 07-08-2010, 09:31 AM
File Helper and Canonicalization issues - by El Forum - 07-08-2010, 10:02 AM
File Helper and Canonicalization issues - by El Forum - 07-08-2010, 10:12 AM



Theme © iAndrew 2016 - Forum software by © MyBB