Re: file_exists

At 11:06 PM +0000 11/15/07, Stut wrote:
The realpath function will reduce your definition of $page to "/home/evil-user-home-dir/evil-payload.php"

$expecteddir is set to "/home/stut/phpstuff/inc"

The if takes the first strlen($expecteddir) characters of the reduced $page and compares it to $expecteddir.

If they don't match then it means the requested file is outside your "safe" directory, hence access denied. If they do match then it's safe to include the file.

-Stut

-Stut:

What about this?

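<?php
	// Remember where we started so the working directory can be restored.
	$origwd=getcwd();
	// Walk up the directory tree until a 'common' directory is found.
	while(!file_exists('common'))
		{
		$prevwd=getcwd();
		// Stop at the web root: do not search above "httpdocs".
		if (basename($prevwd) == "httpdocs")
			{
			echo('not found<br/>');
			exit;
			}
		chdir('..');
		}
	// The path is a fixed string relative to the directory that was found.
	include('common/includes/header.php');
	chdir($origwd);
?>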

I have a common set of includes that most of my test scripts find and use. Unless I'm not understanding the problem here, this looks like something that might work. It simply looks for the files it needs in an approved path. I don't see any way to circumvent this, do you?

Cheers,

tedd

--
-------
http://sperling.com  http://ancientstones.com  http://earthstones.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
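
The realpath() prefix check described in the quoted message, written out as an added example that is not code from the thread; the helper name is_inside_dir() and the temporary directory layout are assumptions made for illustration. It appends a directory separator before comparing, so a sibling directory whose name merely begins with the expected one is rejected, and it denies paths for which realpath() returns false.

```php
<?php
// Added example: containment check built on realpath().
// is_inside_dir() is a hypothetical helper name, not from the thread.
function is_inside_dir(string $page, string $expecteddir): bool
{
    $base = realpath($expecteddir);
    $real = realpath($page);          // false if the path does not exist
    if ($base === false || $real === false) {
        return false;
    }
    // Compare against "$base/" so "/x/inc-evil" does not match "/x/inc".
    $base = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($real, $base, strlen($base)) === 0;
}

// Constructed sample layout in a temporary directory.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'inc_demo_' . getmypid();
mkdir("$root/inc", 0700, true);
mkdir("$root/inc-evil", 0700, true);
file_put_contents("$root/inc/header.php", "<?php // ok\n");
file_put_contents("$root/inc-evil/payload.php", "<?php // outside\n");
file_put_contents("$root/outside.php", "<?php // outside\n");

$expecteddir = "$root/inc";
$cases = [
    "$root/inc/header.php"       => true,   // inside the expected directory
    "$root/inc/../outside.php"   => false,  // traversal resolved by realpath()
    "$root/inc-evil/payload.php" => false,  // shares only the string prefix
    "$root/inc/missing.php"      => false,  // realpath() returns false
];
foreach ($cases as $page => $expected) {
    $got = is_inside_dir($page, $expecteddir);
    printf("%-5s %s\n", $got ? 'allow' : 'deny', substr($page, strlen($root)));
    assert($got === $expected);
}

// Clean up the constructed files and directories.
array_map('unlink', ["$root/inc/header.php", "$root/inc-evil/payload.php", "$root/outside.php"]);
array_map('rmdir', ["$root/inc", "$root/inc-evil", $root]);
```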

