I know I'm still passing unfiltered bits of REQUEST_URI to passthru(), I'll clean that up next - hopefully before the server gets 0wned. In the meantime I'll watch very closely for requests like "/images/;nc%20-p%2031337%20-c%20bash;.jpg" in my logs :)
You can also use gd

<?php
// Whitelist filter: keep only letters, digits, underscore and hyphen.
// (preg_replace stands in for ereg_replace, which was removed in PHP 7.)
$file = trim(preg_replace("/[^A-Za-z0-9_-]/", "", @$_GET["map"]));
if (!file_exists("../mappics/$file.jpg")) $file = "de_dust";
$o = @imagecreatefromjpeg("../mappics/$file.jpg");
// The text colour is allocated on the loaded image $o.
imagettftext($o, 10, 0, 665, 475, imagecolorallocate($o, 1, 1, 1), "../fonts/arial.ttf", "Ivn Systems/Software");
header('Content-Type: image/jpeg');
imagejpeg($o, null, 35); // null sends the JPEG to the output stream
imagedestroy($o);
?>

(this is a stripped down example. ;) )

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
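
The log watch mentioned in the first message, as an added example that is not part of the original thread: it URL-decodes each request path and flags names under /images/ that contain shell metacharacters or fall outside the same kind of whitelist the gd reply uses. The common log format, the /images/ prefix, the .jpg/.jpeg extension rule and all sample lines except the quoted request are assumptions made for the example.

```python
import re
from urllib.parse import unquote

# Constructed sample lines; line 2 carries the request quoted in the post.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2005:10:00:00 +0000] "GET /images/de_dust.jpg HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jan/2005:10:00:05 +0000] "GET /images/;nc%20-p%2031337%20-c%20bash;.jpg HTTP/1.1" 200 0',
    '192.0.2.44 - - [01/Jan/2005:10:00:09 +0000] "GET /images/a%253Bls.jpg HTTP/1.1" 404 0',
    '192.0.2.10 - - [01/Jan/2005:10:00:12 +0000] "GET /images/../conf/x.jpg HTTP/1.1" 404 0',
    '192.0.2.10 - - [01/Jan/2005:10:00:15 +0000] "GET /index.html HTTP/1.1" 200 900',
]

# Request line inside a common/combined log entry: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[0-9.]+"')
# Characters a shell treats specially; none belong in an image file name.
SHELL_META = re.compile(r"[;|&`$<>(){}\\\n\r\x00]")
# Whitelist in the spirit of the reply's filter, plus the expected extension.
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]+\.jpe?g")

def decode_fully(target, max_rounds=3):
    """URL-decode repeatedly so double-encoded input (%253B) is also seen."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target

def suspicious_requests(log_lines, prefix="/images/"):
    """Return (line_number, decoded_path, reason) for requests worth a look."""
    findings = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        path = decode_fully(match.group("target").split("?", 1)[0])
        if not path.startswith(prefix):
            continue
        name = path[len(prefix):]
        if SHELL_META.search(name):
            findings.append((number, path, "shell metacharacter"))
        elif not SAFE_NAME.fullmatch(name):
            findings.append((number, path, "name outside whitelist"))
    return findings

if __name__ == "__main__":
    for finding in suspicious_requests(SAMPLE_LOG):
        print(finding)
```

A hit with status 200, as in the second sample line, deserves attention first, since it means the handler ran rather than rejecting the name.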