davej
Posted October 12, 2013

Does the presence of a PHP file like this pose a security risk?

<?php
header("Content-Type: application/octet-stream");
header("Content-Disposition: attachment; filename=".$_GET['path']);
readfile($_GET['path']);
?>

Ingolme
Posted October 12, 2013

If you have your database login information in a file anywhere then this is a security threat. To be safe, remove any / or \ from the path and restrict the files to one directory that you know doesn't have sensitive information. Using file_exists() first to show an error if the file isn't found would also be a good idea.

davej
Posted October 12, 2013

Removal of slashes is a good idea, and I could also remove any character encoding symbols. Thanks.
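
One way to apply the advice in the replies above, as an added example that is not code from the thread: the requested name is reduced to a single path component, resolved inside one directory, and checked for existence before anything is sent. The `downloads` directory and the names `DOWNLOAD_DIR`, `resolve_download` and `send_download` are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. DOWNLOAD_DIR and both function
// names are assumptions made for illustration.
const DOWNLOAD_DIR = __DIR__ . '/downloads'; // holds only files meant to be public

// Map a user-supplied name to a regular file inside $baseDir, or return null.
function resolve_download(string $baseDir, string $requested): ?string
{
    // Refuse empty input, NUL bytes and other control characters.
    if ($requested === '' || preg_match('/[\x00-\x1f\x7f]/', $requested)) {
        return null;
    }
    // Keep only the last path component; "\" is treated like "/" so that
    // Windows-style input is handled the same way on every platform.
    $name = basename(str_replace('\\', '/', $requested));
    if ($name === '' || $name === '.' || $name === '..') {
        return null;
    }
    // Canonicalise, then confirm the file exists and is still inside the base
    // directory (realpath() fails on missing files and follows symlinks).
    $base = realpath($baseDir);
    $full = realpath($baseDir . '/' . $name);
    if ($base === false || $full === false || !is_file($full)) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($full, $prefix, strlen($prefix)) === 0 ? $full : null;
}

function send_download(string $full): void
{
    // Allow-list the characters that reach the header and quote the value.
    $safeName = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($full));
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . $safeName . '"');
    header('X-Content-Type-Options: nosniff');
    readfile($full);
}

$requested = $_GET['path'] ?? '';
$path = is_string($requested) ? resolve_download(DOWNLOAD_DIR, $requested) : null;
if ($path === null) {
    http_response_code(404);
    exit('File not found.');
}
send_download($path);
```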