Re: Comparing strings... need advice. :)


 



Hi Robert,

Robert Cummings wrote:
> How are these saved files then imported into the content? Are they
> included or do you retrieve the contents using something like file(),
> file_get_contents(), or fread() and then echo it? If you are using

Currently I am using readfile() (plus some other security checking) to display the contents of the edited files. I set up my script to only allow specific file types (txt, html, htm).

> include or require on a file whose contents are based on web input
> content then you are opening up a can of security worms since anyone
> with access to the CMS could embed PHP code in the content and do
> anything for which the webserver has permissions.

Thanks for pointing that out. Now that you mention it, I should probably re-work my code to use a different method of page inclusion. I am pretty concerned about security breaches... what are your thoughts on readfile()? Would you suggest I use file(), file_get_contents(), or fread() instead?

Thanks for the help Robert, I really appreciate your time.  :)

Cheers,
Micky

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
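
Added example, not part of the original message or of either poster's code: one way to display CMS-edited files with readfile() so that embedded PHP is never executed, combined with the extension allow-list (txt, html, htm) mentioned above and a check that the resolved path stays inside the content directory. The function name render_content(), the temporary directory and the sample file are assumptions made for illustration.

```php
<?php
// Added example: names and paths below are hypothetical.
const ALLOWED_EXT = ['txt', 'html', 'htm'];   // allow-list from the message

function render_content(string $baseDir, string $name): bool
{
    // Resolve both paths so "../" segments and symlinks are collapsed
    // before any comparison is made. realpath() returns false if missing.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $path === false || !is_file($path)) {
        return false;
    }
    // Containment: the resolved file must live under the content directory.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return false;
    }
    // Extension check on the resolved name, case-insensitive.
    $ext = strtolower(pathinfo($path, PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXT, true)) {
        return false;
    }
    // readfile() copies bytes to the output and does not pass them to the
    // PHP interpreter (the same holds for file_get_contents()/fread() plus
    // echo). include/require would parse the file and run any <?php block.
    readfile($path);
    return true;
}

// Constructed sample content containing a PHP tag, as a CMS user might save.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'cms_demo_' . getmypid();
@mkdir($dir);
file_put_contents("$dir/page.html", "<p>Hello</p><?php echo 'executed'; ?>\n");
file_put_contents("$dir/evil.php", "<?php echo 'executed'; ?>\n");

render_content($dir, 'page.html');                  // tag is output as text
var_dump(render_content($dir, 'evil.php'));         // false: extension
var_dump(render_content($dir, '../../etc/passwd')); // false: outside base

unlink("$dir/page.html");
unlink("$dir/evil.php");
rmdir($dir);
```

The content is still sent to the browser verbatim, so any HTML or script a CMS user saved is rendered client-side; this only removes server-side code execution.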

