[geeklog-devel] Testing of getimage.php
dirk at haun-online.de
Wed Jan 7 13:52:33 EST 2004
>My only real issue with what I have done is security. I'm worried that
>it may be possible to hack the getstring in a way that may allow access
>to unrestricted files.

Since you're including lib-common.php in the very first line, which then
goes on to include config.php (all with hard-coded paths), it would
overwrite whatever path was passed in the URL. So that shouldn't be a problem.

The only issue would come up if someone doesn't have the
$_CONF['path_images'] defined in their config.php (e.g. because they were
using an old copy). But that would probably be noticed before any hacking

>and I am checking for '..' in the image name for someone that
>may try using relative paths

That certainly can't hurt.

>If you get a chance, give it a try.

Haven't tried it yet, the above were just thoughts after looking at the
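
The two checks discussed in this message (an images path taken only from configuration, and rejecting '..' in the requested name), as an added PHP example that is not part of the original post and not Geeklog's getimage.php. The function name `resolve_image_path` and the temporary demo directory are assumptions; `$baseDir` stands in for `$_CONF['path_images']`.

```php
<?php
// Added example: names and layout are assumptions, not Geeklog's code.

/**
 * Resolve a requested image name to a file under $baseDir, or return null.
 * $baseDir stands in for $_CONF['path_images'] and must come from the
 * configuration file, never from the request.
 */
function resolve_image_path($baseDir, $requested)
{
    // An unset or empty base path (e.g. an old config.php without the key)
    // must fail closed instead of resolving against some other directory.
    if (!is_string($baseDir) || $baseDir === '') {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false || !is_dir($base)) {
        return null;
    }

    // Cheap early rejects: NUL bytes, '..' sequences, absolute paths.
    if (!is_string($requested) || $requested === ''
        || strpos($requested, "\0") !== false
        || strpos($requested, '..') !== false
        || $requested[0] === '/' || $requested[0] === '\\') {
        return null;
    }

    // Canonicalise (this also follows symlinks) and confirm the result is
    // still inside the base directory. The trailing separator stops
    // /data/images_private from matching a base of /data/images.
    $full = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($full === false || !is_file($full)) {
        return null;
    }
    if (strncmp($full, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $full;
}

// Constructed demo: a temporary directory stands in for the images path.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'img_demo_' . getmypid();
@mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'logo.png', 'x');
var_dump(resolve_image_path($dir, 'logo.png') !== null); // file inside base
var_dump(resolve_image_path($dir, '../config.php'));     // relative path
var_dump(resolve_image_path('', 'logo.png'));            // base not configured
```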