Code:
<?php
$file = str_replace('..', '', $_GET['file']);
readfile($file);
I have this index.php script in a sub-directory and the .htaccess redirects all requests underneath this file to this file.
I just need to prevent files outside of this docroot from being selected.
So while my web site might have a structure like:
Code:
/var/www/public_html/
/var/www/public_html/index.html
/var/www/public_html/aboutus.html
/var/www/public_html/images/
/var/www/public_html/resources/
/var/www/public_html/resources/.htaccess
/var/www/public_html/resources/index.php
/var/www/public_html/resources/dynamic.gif.php
Code:
/var/www/public_html/index.php
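
A containment check for the script above, as an added example that is not part of the original post: it resolves the requested name with realpath() and serves the file only if the resolved path is still under the script's own directory. The function name resolve_inside, the use of __DIR__ as the base directory, and the refusal of .php files and dot-files are assumptions.

```php
<?php
// Added example (not the poster's code). resolve_inside() is a hypothetical helper.
// Returns the canonical path of $requested if it is a regular file under
// $baseDir, otherwise null.
function resolve_inside(string $baseDir, $requested): ?string
{
    // Query parameters can arrive as arrays; accept non-empty strings only.
    if (!is_string($requested) || $requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }

    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;

    // Always join onto the base, then canonicalise: realpath() collapses
    // "." and ".." segments and follows symlinks, and fails for missing files.
    $candidate = realpath($prefix . $requested);
    if ($candidate === false || !is_file($candidate)) {
        return null;
    }

    // The canonical path must still start with "<base>/".
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }

    // Assumption: the script source and .htaccess in this directory
    // should not be readable through the script itself.
    $name = basename($candidate);
    if ($name[0] === '.' || strtolower(pathinfo($name, PATHINFO_EXTENSION)) === 'php') {
        return null;
    }

    return $candidate;
}

$path = resolve_inside(__DIR__, $_GET['file'] ?? null);
if ($path === null) {
    http_response_code(404);
    exit;
}
readfile($path);
```

The comparison is made on the canonical path after resolution, so the decision does not depend on how the request spelled the name.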