Re: Why and wherefore file downloads [message #176678 is a reply to message #176654] Tue, 17 January 2012 01:01
Harry Putnam
"M. Strobel" <sorry_no_mail_here(at)nowhere(dot)dee> writes:

> Am 14.01.2012 19:43, schrieb Harry Putnam:
> ---cut
>> ------- --------- ---=--- --------- --------
>> From_mohitsharma.net.php
>>
>> php
>>
>> <?php
>> // The file path where the file exists
>> $filepath = "**HERE**".$_GET['filename']."";
> ---cut
>
>> @readfile($filepath);
>> ?>
> --------------cut
>
>> ------- 8< snip ---------- 8< snip ---------- 8<snip -------
>> #!/usr/bin/perl
>>
>> use strict;
>> use warnings;
>> use diagnostics;
>>
>> my ($frdir,$reg, @files, $php);
>> $php = './Frommohitsharma.net.php';
>
> your perl calls Frommohitsharma.net.php, but you print From_mohitsharma.net.php.
>
> You are calling a different script.

No, that is something added when I wrote this message. It was to
indicate the php script and typed wrong inadvertently, not a typo
exactly, more like a memory lapse.

But it would have no bearing on what gets called.

The script being called is whatever is in the variable $php and there
is only one such script available.

> This is the only explanation because the parameter filepath is used unchanged in the
> readfile() function and it should not work if you change it.

That is the odd part. Even if I do change it so that it doesn't really
point to the files, it still works.

For example, I just tried this:

$filepath = "".$_GET['filename'].""; # no path listed at all.

Yet I am still shown an mp3 to play or download.

And this:

$filepath = "/not".$_GET['filename'].""; ## wrong non-existent path
## listed

At first I thought it might be because the mp3s were in the same dir
as the php script. So I changed that just to find out.

The 1 lonesome mp3 has been moved to /test

I don't have root on the server but can control my little bit of it.

PS - do you mind explaining a bit in an off-group (via email) message,
what you mean by the bit about insecure?
Note: I do not munge my email address ... it's real.
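
The quoted script builds the path for `readfile()` directly from `$_GET['filename']`, so the requester decides which file is read, and the `@` hides any failure. The following is an added example, not part of the original thread, of a download handler that confines requests to one directory; `DOWNLOAD_DIR` (a placeholder path) and `resolve_download()` are assumed names.

```php
<?php
// Added example, not code from the thread. DOWNLOAD_DIR and
// resolve_download() are hypothetical names; the path is a placeholder.
const DOWNLOAD_DIR = '/path/to/downloads';

/**
 * Map a user-supplied name to a regular file inside $baseDir.
 * Returns the canonical path, or null if the request must be refused.
 */
function resolve_download(string $baseDir, string $requested): ?string
{
    $base = realpath($baseDir);
    if ($base === false || $requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    // basename() drops any directory part, so "../../etc/passwd" and
    // "/etc/passwd" both become "passwd" inside the download directory.
    $name = basename($requested);
    // realpath() resolves symlinks and returns false for missing files.
    $real = realpath($prefix . $name);
    if ($real === false || !is_file($real)) {
        return null;
    }
    // Containment check: the canonical path must still sit under $base
    // (catches a symlink in the directory that points elsewhere).
    if (strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $real;
}

if (PHP_SAPI !== 'cli') {
    $req  = $_GET['filename'] ?? '';
    $path = is_string($req) ? resolve_download(DOWNLOAD_DIR, $req) : null;
    if ($path === null) {
        http_response_code(404);
        exit('File not found');
    }
    // Only a conservative character set goes into the response header.
    $safeName = preg_replace('/[^\w.\-]/', '_', basename($path));
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . $safeName . '"');
    header('Content-Length: ' . filesize($path));
    // No "@": a failed read should appear in the error log.
    readfile($path);
}
```

Logging the value returned by `resolve_download()` also shows exactly which file a given request opens.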