Posted by Jochem Maas on 02/24/05 17:04
Jason Barnett wrote:
> Jacques wrote:
>
>>Can make use of an absolute URL when using require() or require_once()?
>>
>
>
> Yes, as long as you have allow_url_fopen = 1 in your php.ini
unless you absolutely 100% trust the server in question I would say that
its madness to include/require a file from another server...
e.g. you could include this wonderful little html file:
http://example.com/evilhaxor.html
which might contain.
<?php
echo file_get_contents('/etc/passwd');
exit;
?>
guess what that does when you include it :-),
just so you know there are pitfalls, some are quite deep!
>
>
>>Regards
>>
>>Jacques
>
>
>
[Back to original message]
|