Good point; time to learn some real php. As you can see I don't know much and end up doing most of the processing in the shell. I should extract the base filename and check that it exists, or return a proper 404. That would also take care of the untrusted data.

> you're passing $_SERVER['REQUEST_URI'], which is user-supplied (read: untrusted) data to an external program which is specifically warned against in the passthru() documentation

<?php
header("Content-type: image/jpeg");
$ip = $_SERVER['REMOTE_ADDR'];
// REQUEST_URI comes from the client and goes into the shell command below unescaped
$img = $_SERVER['REQUEST_URI'];
passthru("wrjpgcom -comment \"downloaded from http://zcat.wired.net.nz/ by $ip on `date`\" `basename $img`");
?>

-- 
On June 1, 2001, Steve Ballmer, CEO of Microsoft, told the Chicago Sun-Times: "Linux is cancer." Unsurprisingly that's incorrect; LINUX was released on August 25th 1991 and is therefore a Virgo.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
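
One way to do what the reply describes (take the base filename, check that it exists, return a 404 otherwise) while keeping the request data out of the shell. This is an added example, not code from the thread; IMAGE_DIR, resolve_image() and build_command() are hypothetical names, and it assumes the JPEGs sit in a single directory with wrjpgcom on the PATH.

```php
<?php
// Added example, not from the original thread.
const IMAGE_DIR = '/var/www/images';   // assumption: where the JPEGs live

// Map a request URI to a file directly inside $dir, or null if it is not one.
function resolve_image(string $requestUri, string $dir): ?string
{
    $path = parse_url($requestUri, PHP_URL_PATH);
    if (!is_string($path)) {
        return null;
    }
    // Keep only the last path segment, after percent-decoding.
    $name = basename(rawurldecode($path));
    // Allowlist: plain names ending in .jpg/.jpeg, no leading dot or dash.
    if (!preg_match('/\A[A-Za-z0-9_][A-Za-z0-9_.-]{0,100}\.jpe?g\z/i', $name)) {
        return null;
    }
    $base = realpath($dir);
    $full = realpath($dir . DIRECTORY_SEPARATOR . $name);
    // realpath() fails for missing files and resolves symlinks.
    if ($base === false || $full === false || dirname($full) !== $base || !is_file($full)) {
        return null;
    }
    return $full;
}

// Build the wrjpgcom command with every variable part quoted as one shell word.
function build_command(string $file, string $ip): string
{
    $comment = 'downloaded from http://zcat.wired.net.nz/ by ' . $ip . ' on ' . date('r');
    return 'wrjpgcom -comment ' . escapeshellarg($comment) . ' ' . escapeshellarg($file);
}

if (PHP_SAPI === 'cli') {
    // Constructed sample URIs for a quick offline check of the validation.
    foreach (['/cat.jpg', '/cat.jpg; echo x', '/missing.jpg'] as $uri) {
        printf("%-20s => %s\n", $uri, resolve_image($uri, IMAGE_DIR) ?? '404');
    }
    exit(0);
}

$file = resolve_image($_SERVER['REQUEST_URI'] ?? '', IMAGE_DIR);
if ($file === null) {
    http_response_code(404);
    header('Content-Type: text/plain');
    exit("Not found\n");
}
header('Content-Type: image/jpeg');
passthru(build_command($file, $_SERVER['REMOTE_ADDR'] ?? 'unknown'));
```

The date now comes from PHP's date() instead of a backtick `date` call, so the only thing the shell sees is the fixed program name and two quoted arguments.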