2010-02-01, 11:22:20
internet54 Wrote: For the file upload issue, it is this code that breaks it.
Code:
if (basename($_SERVER['PHP_SELF']) == 'upload-ajax.php') {
    die('You cannot load this page directly.');
}
I can delete that code and replace it with a .htaccess file restriction and it works like a charm.
The problem with that is that newbies would have an issue trying to figure it out.
Wow, I couldn't believe that there are people who actually try this without thinking.
Thx to this "workaround" I found 3 (!) GetSimple sites within 10 minutes I could easily hack thanks to this unlimited upload script and the script breaker removal.
ccagle8: You should definitely do something about this issue. A session verification is the absolute minimum which has to exist in this script.
When I've time tomorrow, I'll hack it myself (if you didn't fix it already).
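A sketch of the session verification asked for above, as an added example that is not part of the original post and is not GetSimple's own code. It assumes a login page that sets `$_SESSION['user_id']` and `$_SESSION['csrf']`, a form field named `file`, a POST field named `csrf`, and an `uploads` directory; all of these names are hypothetical.

```php
<?php
// Added example: hypothetical session-gated upload handler (not GetSimple's code).
// Assumed names: $_SESSION['user_id'] and $_SESSION['csrf'] set by the login page,
// form field 'file', POST field 'csrf', upload directory UPLOAD_DIR.
declare(strict_types=1);

const UPLOAD_DIR  = __DIR__ . '/uploads';
const ALLOWED_EXT = ['jpg', 'jpeg', 'png', 'gif', 'pdf', 'txt'];

function reject(int $status, string $msg): void
{
    http_response_code($status);
    exit($msg);
}

session_start();

// 1. Only a logged-in session may reach the upload logic at all.
if (empty($_SESSION['user_id'])) {
    reject(403, 'Not authenticated.');
}

// 2. The request must carry the per-session token issued with the upload form.
$token = $_POST['csrf'] ?? '';
if (!is_string($token) || empty($_SESSION['csrf']) || !hash_equals($_SESSION['csrf'], $token)) {
    reject(403, 'Invalid request token.');
}

// 3. The file must be a genuine, successful HTTP upload.
$file = $_FILES['file'] ?? null;
if (!is_array($file) || $file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
    reject(400, 'No valid upload.');
}

// 4. Allowlist the extension so server-executable types never land in the docroot.
$ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
if (!in_array($ext, ALLOWED_EXT, true)) {
    reject(415, 'File type not allowed.');
}

// 5. Store under a server-generated name; never reuse the client-supplied one.
$target = UPLOAD_DIR . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
if (!move_uploaded_file($file['tmp_name'], $target)) {
    reject(500, 'Could not store file.');
}
echo 'OK';
```

Unlike the `basename($_SERVER['PHP_SELF'])` check or an .htaccess rule, these checks tie the upload to an authenticated session, so removing a "direct access" guard does not open the script to anonymous requests.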