Hmmm... that sounds like it might work.. Thanks. I'll try it after I've had some sleep.. php and no sleep don't really go together. ""Mike"" <php@xxxxxxxxxxxx> wrote in message news:20060130060626.EB3786AE80F@xxxxxxxxxxxxxxxxxxxxxxxxx >> If it is called with the right parameters or the "Previous Directory" >> link is clicked too many times, the browser will be outside >> of the paths that I want them to be in... >> >> I would like to be able to lock the browser down to a >> particular set of directories and thier subs. >> > > What you may want to do is set up a bit of parsing in your script so that > the script is passed the relative portion of the directory and the script > appends the parent folders to that. > > For example, say the user is browsing directory > C:\users\tom\images\vacation > and you want to lock everything to the \users directory. > > Have the script expect > http://localhost/script.php?path=users\tom\images\vacation instead of the > full path. You can then do some basic string parsing to determine the > first > folder (in this case "users") and ensure that that matches a defined set > of > acceptable folders. > > So > > if($first_dir != "users"){ > echo "this is an invalid directory"; > } > > Etc. > > Also, if someone tries to pass "C:\" into $path, it'd end up getting > parsed > as "C:\C:\", which will obviously be an invalid directory. > > This would allow the user from doing something like > > http://localhost/script.php?path=windows\system32 since "windows" isn't in > the approved folders list. > > I'm sure there's a bunch of other ways of doing this, but it's the first > that popped into my head. > > -M -- PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
