> If it is called with the right parameters or the "Previous Directory" > link is clicked too many times, the browser will be outside > of the paths that I want them to be in... > > I would like to be able to lock the browser down to a > particular set of directories and thier subs. > What you may want to do is set up a bit of parsing in your script so that the script is passed the relative portion of the directory and the script appends the parent folders to that. For example, say the user is browsing directory C:\users\tom\images\vacation and you want to lock everything to the \users directory. Have the script expect http://localhost/script.php?path=users\tom\images\vacation instead of the full path. You can then do some basic string parsing to determine the first folder (in this case "users") and ensure that that matches a defined set of acceptable folders. So if($first_dir != "users"){ echo "this is an invalid directory"; } Etc. Also, if someone tries to pass "C:\" into $path, it'd end up getting parsed as "C:\C:\", which will obviously be an invalid directory. This would allow the user from doing something like http://localhost/script.php?path=windows\system32 since "windows" isn't in the approved folders list. I'm sure there's a bunch of other ways of doing this, but it's the first that popped into my head. -M -- PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
