Re: $_FILES path on client's machine?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Skip Evans wrote:

Hey all,
I get the feeling from not finding an argument for the path on the client's machine for the complete path of a file in $_FILES that it might not be available for security reasons?
The reason I am interested in this is to restore the value of a input type='file' field in a form if the user has to return to the form for validation reasons.
I'd like to restore the full value so the user does not have to browse the file again. 

Nope. Huge security hole ;)
I could prefill the form with something like "/etc/passwd" if you're on a *nix desktop, hide the file input box through css and grab all your details without you knowing it. 

--
Postgresql & php tutorials
http://www.designmagick.com/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux