Initial index.php file:
<?php
if(isset($_GET['d'])){setcookie('disp',$_GET['d'],time()+(60*60*24*60));$_COOKIE['disp']=$_GET['d'];}
include_once('writemenus.php');
if(!isset($_GET['href'])) $include = 'startpage.htm';
else {
$include = $_GET['href']; $include = "$include.php";
if($include=='index.php')$include = 'startpage.htm';
}
include_once($include);
include_once('footer.htm');
?>
=============================
Hackers seem to be able to call a remote script by appending the URL
to the href= command line . ( $include )
What buttons do I need to push to stop this? Does PHP have a setting
to allow only local calls? or do I have to do it in the index.php file ? or ??
Advice welcome!
-Pete
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
