Graham Anderson wrote:
> Is the below reasonably safe?
> I have all of my main functions outside the web folder.
> I am including this function with every php script that
> accesses fonovisa.inc
>
> function getBrain()
> {
> $temp = explode('.', $_SERVER['SERVER_NAME']);
Because $_SERVER['SERVER_NAME'] can be manipulated by the user in some
cases, you must consider $temp tainted at this point.
> $size = count($temp);
> $server = $temp[$size - 2];
Now $server is tainted.
> $brainPath = "/home/".$server."/includes/fonovisa.inc";
Therefore, this is a security vulnerability.
Hope that helps.
Chris
--
Chris Shiflett
Brain Bulb, The PHP Consultancy
http://brainbulb.com/
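The point of the reply above is that the second-to-last label of $_SERVER['SERVER_NAME'] flows unchecked into an include path, so whoever controls that name controls which file is loaded. The block below is an added example written for this thread, not code from Graham or Chris, showing one way to keep the same per-vhost layout while refusing anything that is not an explicitly configured site. The names ALLOWED_SITES, INCLUDE_ROOT and getBrainPath() are assumptions chosen for the example.

```php
<?php
// Added example, not from the original thread. Same idea as the quoted
// getBrain(): pick the vhost from SERVER_NAME and build a path under
// /home/<site>/includes/. The difference is that SERVER_NAME is treated as
// tainted input and never reaches the filesystem without validation.
// ALLOWED_SITES, INCLUDE_ROOT and getBrainPath() are assumed names.

// Constructed allowlist of vhosts that actually have an includes directory.
const ALLOWED_SITES = ['fonovisa', 'example'];
const INCLUDE_ROOT  = '/home';

/**
 * Return the absolute path of fonovisa.inc for the given server name,
 * or null if the name is not one we configured. Fails closed.
 */
function getBrainPath(string $serverName): ?string
{
    $labels = explode('.', $serverName);
    if (count($labels) < 2) {
        return null;   // "localhost" or an empty name has no second-to-last label
    }
    $site = $labels[count($labels) - 2];

    // 1. Allowlist: only names we deployed are acceptable. This is the real
    //    control; the checks below are defence in depth.
    if (!in_array($site, ALLOWED_SITES, true)) {
        return null;
    }

    // 2. Syntactic check: one DNS label, so no slashes, dots or NUL bytes
    //    can ever be part of the path component.
    if (!preg_match('/^[a-z0-9-]{1,63}$/i', $site)) {
        return null;
    }

    $path = INCLUDE_ROOT . '/' . $site . '/includes/fonovisa.inc';

    // 3. Canonicalise and confirm the resolved file still lives under
    //    INCLUDE_ROOT (catches symlink tricks and a missing file alike).
    $real     = realpath($path);
    $rootReal = realpath(INCLUDE_ROOT);
    if ($real === false || $rootReal === false
        || strpos($real, $rootReal . '/') !== 0) {
        return null;
    }
    return $real;
}

// Usage at the top of each script: refuse to run rather than include
// a path derived from an unrecognised host name.
$brainPath = getBrainPath($_SERVER['SERVER_NAME'] ?? '');
if ($brainPath === null) {
    http_response_code(500);
    error_log('getBrain: refusing unknown SERVER_NAME');
    exit;
}
require $brainPath;
```

The allowlist is what removes the taint: after it, $site can only be one of the literal strings you wrote in the configuration, so the include path is no longer attacker-influenced regardless of how the web server populates SERVER_NAME. The realpath check is a cheap second line that also catches a misconfigured or missing include file with a logged error instead of a PHP warning exposing the path.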
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php