> > I think file_exists returns false for remote files ;) > > Even if it did (it doesn't: > http://uk3.php.net/manual/en/wrappers.ftp.php), I'd still rather not let > someone steal my /etc/passwd or /etc/shadow etc. files..... > > As I said before. Some form of regexp or similar restriction is 100% > necessary before trusting untrustworthy data. > > Col 1 test I did confirmed the "false" for the remote files. How about that shared host hack attempt? Does that present a problem for shared hosts? This should be my last post to this list from hotmail. Hopefully I'll see you all nicely threaded with gmail. That's where I keep my other lists anyway. _________________________________________________________________ Help yourself to FREE treats served up daily at the Messenger Café. Stop by today. http://www.cafemessenger.com/info/info_sweetstuff2.html?ocid=TXT_TAGLM_OctWLtagline
