Fixes by NY
#10
The id thing really isn't a huge security hole; however, it could be used maliciously when checking for a file. Plus, better safe than sorry anyway.

The login thing isn't such a huge deal; it's just a personal preference, as I stated. It's not a security risk either, so it's a safe fix around.

The define, however, is a WAY better solution than checking if the user is accessing the file, because some servers don't allow use of those variables or may just treat them differently, whereas you can always define and check for defined variables in PHP. Inclusion from a remote server will not allow that inclusion, whereas you can trick the PHP file into thinking that they are on it.

-- the PM, there's no hack-oriented details.

On the urgent post, I just had forgotten a file in that tutorial on the fix and really didn't think about how someone might take that post if they only read that one. Sorry.
http://nijikokun.com
random stuff. idk.
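
The define-based guard discussed in the post above, set beside a check that relies on a server variable, as an added example that is not part of the original post or the project's code. The constant name `APP_ENTRY`, the choice of `$_SERVER['SCRIPT_FILENAME']` as the server variable, and the temporary file names are assumptions made for the illustration.

```php
<?php
// Added illustration. APP_ENTRY and the temp file names are hypothetical.
// Each guard returns a status so one script can show every case; a real
// include file would stop with an error response instead of returning.
$dir = sys_get_temp_dir() . '/guard_demo_' . getmypid();
mkdir($dir);

// Guard A: decide from a variable the web server/SAPI fills in.
$byServerVar = <<<'GUARD'
<?php
$requested = $_SERVER['SCRIPT_FILENAME'] ?? null;
if ($requested === null) {
    return 'blocked (variable missing, cannot tell)';
}
return realpath($requested) === realpath(__FILE__) ? 'blocked' : 'loaded';
GUARD;

// Guard B: decide from a constant only the entry script defines.
$byDefine = <<<'GUARD'
<?php
if (!defined('APP_ENTRY')) {
    return 'blocked';
}
return 'loaded';
GUARD;

file_put_contents("$dir/a.php", $byServerVar);
file_put_contents("$dir/b.php", $byDefine);

$results = [];
$results['A: normal include'] = include "$dir/a.php";

$saved = $_SERVER['SCRIPT_FILENAME'] ?? null;
unset($_SERVER['SCRIPT_FILENAME']); // constructed: host that does not set it
$results['A: variable not provided'] = include "$dir/a.php";
if ($saved !== null) {
    $_SERVER['SCRIPT_FILENAME'] = $saved;
}

$results['B: no entry script ran'] = include "$dir/b.php"; // same state as a direct request
define('APP_ENTRY', true); // first line of the real entry script
$results['B: included by entry script'] = include "$dir/b.php";

foreach ($results as $case => $status) {
    printf("%-30s %s\n", $case, $status);
}
array_map('unlink', glob("$dir/*.php"));
rmdir($dir);
```

Guard A has to pick between failing open and failing closed when the host does not supply the variable; guard B depends only on the PHP runtime, so its outcome is the same on every host.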


Messages In This Thread
Fixes by NY - by Nijikokun - 2010-01-08, 03:13:48
Fixes by NY - by Nijikokun - 2010-01-08, 03:28:01
Fixes by NY - by Nijikokun - 2010-01-08, 03:35:04
Fixes by NY - by Nijikokun - 2010-01-08, 04:10:01
Fixes by NY - by Zegnåt - 2010-01-08, 05:29:27
Fixes by NY - by Nijikokun - 2010-01-08, 06:00:08
Fixes by NY - by Nijikokun - 2010-01-08, 06:32:37
Fixes by NY - by ccagle8 - 2010-01-08, 11:41:47
Fixes by NY - by ccagle8 - 2010-01-08, 11:44:19
Fixes by NY - by Nijikokun - 2010-01-08, 12:59:43
Fixes by NY - by Zegnåt - 2010-01-08, 19:48:27
Fixes by NY - by Nijikokun - 2010-01-09, 02:53:56


