PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
$image = str_replace(array('..', '.'), '', $image); //Remove .. and . to prevent navigation to other folders from hackers
Huh!?!!?
There is no GET/POST so the user can not manipulate the path to the image, so having this hack prevention is useless, because the only way it can be hacked would be by going into the code and if that is possible then the hacker could just as easily remove this hack prevention technique.
It's better to protect when this is not necessary, than to be unprotected...
It's currently hard-coded to be 'def.jpg', but probably in a future version this will be dynamic?
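
Added example, not code from the thread or from the script being discussed: it runs the quoted str_replace filter next to an alternative check for the case raised above where the image name becomes dynamic. The function names strip_dots and resolve_image, the allowed extensions and the temporary demo directory are assumptions made for illustration.

```php
<?php
// Added example: function names and the demo directory are assumptions.

// The filter quoted in the thread. It deletes every '.', including the
// one before the file extension.
function strip_dots(string $image): string
{
    return str_replace(array('..', '.'), '', $image);
}

// Alternative check: allowlist the file name, then confirm the resolved
// path is still inside the image directory.
function resolve_image(string $baseDir, string $image): ?string
{
    // Bare file name only: no separators, exactly one dot, known extension.
    if (!preg_match('/\A[A-Za-z0-9_-]+\.(jpe?g|png|gif)\z/', $image)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $image);
    if ($base === false || $path === false) {
        return null; // directory or file does not exist
    }
    // realpath() resolves symlinks, so compare against the resolved base.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo data: a temporary image directory holding def.jpg.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'img_demo_' . getmypid();
mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'def.jpg', 'placeholder');

// What the thread's filter does to the hard-coded name.
var_dump(strip_dots('def.jpg'));

// What the alternative check returns for a valid, a relative and a missing name.
foreach (array('def.jpg', '../def.jpg', 'missing.jpg') as $name) {
    var_dump(resolve_image($dir, $name));
}

// Remove the demo data again.
unlink($dir . DIRECTORY_SEPARATOR . 'def.jpg');
rmdir($dir);
```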