Aaron: PHP question [views:1657] [posts:12]
_________________________________ [Feb 16,2007 2:52pm - sxealex ""] how do I make a script not have access to a parent directory? I'm talking via the script and not via permissions... ? helps yo |
____________________________________ [Feb 16,2007 3:41pm - anonymous ""] reply you! |
_________________________________ [Feb 16,2007 5:54pm - sxealex ""] comeon dood |
__________________________________ [Feb 16,2007 5:55pm - succubus ""] he's driving... |
______________________________________ [Feb 16,2007 6:01pm - the_reverend ""] you mean an index page? just make index.php and add index.php to your httpd.conf where it says index.html index.htm |
_________________________________ [Feb 16,2007 8:44pm - sxealex ""] i can't edit daemon configs on this server i only have limited access... basically i have a site editing script but if u have a url of a file that is in a parent folder it can still edit it if u do something like this... here is the contents of a hyperlink on the generated page: javascript:go('.','./editthisfile.html'); if i copy that link and edit it to look like this (notice the double period) i can still edit the file javascript:go('.','../index.html'); what can i add to script to stop this? in php preferably and not the javascript part |
_________________________________ [Feb 16,2007 9:14pm - sxealex ""] oh cool i think i fixed it i did something like this $path = str_replace("..", ".", $path); $file = str_replace("..", ".", $file); i guess that built-in function replaces instances of characters within a string... is there something else someone could type to get to a parent directory other than "../"? i dunno usually do this figured u do it a lot... |
______________________________________ [Feb 16,2007 9:26pm - the_reverend ""] $string =preg_replace("\.\.","",$string); or $string =preg_replace("/\.\./","",$string); something like that. sorry, I've been programming perl for the past month. |
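An alternative to filtering ".." out of the input, added here as an example and not code from the thread: resolve the requested path with realpath() and check that the result still lies under the editable directory. The function name resolve_inside() and the temporary directory layout are assumptions made for the demonstration.

```php
<?php
// Added example, not from the thread. resolve_inside() and the demo layout are hypothetical.

// Returns the canonical path of an existing file under $baseDir, or null if the
// request resolves outside it (or does not exist).
function resolve_inside(string $baseDir, string $path, string $file): ?string
{
    $base = realpath($baseDir);
    if ($base === false || strpos($path . $file, "\0") !== false) {
        return null;                       // bad base dir, or NUL byte in input
    }
    // realpath() collapses ".", "..", repeated slashes and symlinks into one
    // canonical absolute path; it returns false when the target does not exist.
    $target = realpath($base . DIRECTORY_SEPARATOR . $path . DIRECTORY_SEPARATOR . $file);
    if ($target === false || !is_file($target)) {
        return null;
    }
    // Compare against the base plus a trailing separator, so that a sibling
    // such as ".../site-old" does not pass as being inside ".../site".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($target, $prefix, strlen($prefix)) === 0 ? $target : null;
}

// Constructed demo layout in the temp directory:
//   <root>/index.html                 (parent directory, must not be editable)
//   <root>/site/editthisfile.html     (editable)
//   <root>/site/sub/page.html         (editable)
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'trav_demo_' . uniqid();
mkdir($root . '/site/sub', 0700, true);
file_put_contents($root . '/index.html', 'parent');
file_put_contents($root . '/site/editthisfile.html', 'editable');
file_put_contents($root . '/site/sub/page.html', 'editable');

$cases = [
    ['.',   './editthisfile.html'],    // link from the thread
    ['.',   '../index.html'],          // edited link from the thread
    ['sub', '../editthisfile.html'],   // ".." that stays inside the base
    ['sub', '../../index.html'],       // ".." that leaves the base
];
foreach ($cases as [$p, $f]) {
    $result = resolve_inside($root . '/site', $p, $f);
    printf("%-4s %-22s => %s\n", $p, $f, $result === null ? 'rejected' : 'allowed');
}
```

Only the canonical path returned by the function should be handed to the file read and write calls; the raw $path and $file values stay untrusted.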
_________________________________ [Feb 16,2007 10:14pm - NIGGER ""] Use PERL instead. PHP is for wiggers. |
__________________________________ [Feb 16,2007 11:15pm - sxealex ""] worddddddd |
_______________________________________ [Feb 17,2007 12:59am - the_reverend ""] hm... weird.. for some reason, I thought that I was the one that was building a whole interactive tracking site in perl. going on my limited 11 years of Perl and cgi experience and 6 years of PHP experience. Perl is more powerful, but the language is too sloppy and you can't read other people's code without a million comments or them over your shoulder. oh, and the comments can only be a single line long. Perl has a lot more data typing and has "pointers" aka references. you can reference arrays, hashes, and functions. very C like of them. for simple little scripts, nothing beats Perl (not tlk or python or php). but the problem with CGI is the language wasn't made to do websites. that was a module added after the fact, making it a cluster fuck. things get way too complicated way too fast. PHP on the other hand starts off easy and stays easy. it comes installed as a module already (perl is a script call which is slow). if you want module perl, you have to run mod perl. it's also object oriented and since it was made to do websites, it's got everything you need right there. sure there isn't the same scoping as perl (my bless), but that's easy to work around. |
__________________________________ [Feb 17,2007 11:46am - sxealex ""] i'm pretty sure php scripts are currently the fastest... at least someone told me that. i don't know perl... last time i tried it was a pain to install and this was a long time ago b4 php i think. |
_______________________________________ [Feb 17,2007 11:55am - the_reverend ""] mod perl and um.. whatever the perl above that is supposed to beat PHP. but that was pre-4.1 release. I'm not sure now that they are on 5.1. the reason is that Perl is usually CGI based (a process outside of apache is called) whereas PHP is typically module based (runs inside apache). |