Posted by Evan Charlton on 08/06/07 19:53

techusky@gmail.com wrote:
>
> Now, I realize this is NOT a secure directory listing, because someone
> could simply append "/.." to the url and keep moving up directories
> even if they are out of the realm of the web server. Is there an
> *easy* way to "lock" this script from going up a directory from where
> the script is stored? In other words, I want users to be able to
> navigate DOWN in whatever directories may exist, but not UP *past* the
> directory in which the script is located.
>

A simple way to check would be to replace any "." (and associated HTML
codes so it can't be 'fooled') in the URL before parsing so that they
have no effect. I believe this would be secure; anyone see any holes in
the logic?

- Evan Charlton

• Next in forum: Re: Custom directory listing and $_GET question
• Prev in forum: Free Form Builder Utility with PHP back end
• Thread view: Re: Custom directory listing and $_GET question

[Reply to this message]