Read up on register_globals. It is a security risk because if I do
http://domain.com/file.php?plugins_directory=/directory/
it can reset your variable.
The best way to do that is to make PLUGINS_DIR a constant:
define('PLUGINS_DIR', '/directory/');
Joseph Crawford
On Sep 23, 2008, at 12:58 PM, michael wrote:
I get an error stating that this line in my code is a security risk
when I code it.
require_once($PLUGINS_DIRECTORY."forum/forum.php");
here is what the explanation is:
include() or analogous is used with variable argument this can be
dangerous since variables are in many cases controlled by remote
users.
The recommended solution is to write it this way:
define('SCRIPT_PATH',"/htdocs");
include (SCRIPT_PATH."/Foo.inc");
My question is why is the other way safer? I'm kinda confused..
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
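The difference discussed in this thread, as an added example that is not part of the original messages: it emulates what register_globals did (the feature was removed in PHP 5.4.0) and compares a variable-based include path with a constant-based one. The function names, the $scriptInitialises switch and the request values are assumptions made for illustration.

```php
<?php
// Added illustration, not code from the thread. Function names are hypothetical.

// What register_globals=On did before the script's first line ran:
// each request parameter became a global variable of the same name.
function emulate_register_globals(array $query, array &$globals): void
{
    foreach ($query as $name => $value) {
        $globals[$name] = $value;
    }
}

// Variable-based include path, as in require_once($PLUGINS_DIRECTORY."forum/forum.php").
// $scriptInitialises models whether the script assigned the variable itself
// before the include; a file requested directly often has not.
function path_from_variable(array $globals, bool $scriptInitialises): string
{
    if ($scriptInitialises) {
        $globals['PLUGINS_DIRECTORY'] = '/directory/';
    }
    return ($globals['PLUGINS_DIRECTORY'] ?? '') . 'forum/forum.php';
}

// Constant-based include path: request data is never imported into constants,
// and a later define() of the same name fails instead of overwriting.
define('PLUGINS_DIR', '/directory/');

function path_from_constant(): string
{
    return PLUGINS_DIR . 'forum/forum.php';
}

// Constructed request: ?PLUGINS_DIRECTORY=/elsewhere/&PLUGINS_DIR=/elsewhere/
$query = ['PLUGINS_DIRECTORY' => '/elsewhere/', 'PLUGINS_DIR' => '/elsewhere/'];
$globals = [];
emulate_register_globals($query, $globals);

// define() refuses a name that already exists; @ hides the resulting warning.
$redefined = @define('PLUGINS_DIR', $globals['PLUGINS_DIR']);

printf("variable, uninitialised: %s\n", path_from_variable($globals, false));
printf("variable, initialised:   %s\n", path_from_variable($globals, true));
printf("constant:                %s\n", path_from_constant());
printf("constant redefined:      %s\n", var_export($redefined, true));
```

Only the uninitialised variable case takes its directory from the request; the constant keeps the value the script gave it.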