Did you ever try to do something like this:
<HTML>
<BODY>
<FORM ENCTYPE="multipart/form-data" NAME="MyForm" ACTION="SomeFile.php" METHOD="POST">
<INPUT NAME="file" TYPE="file" VALUE="c:\MyDir\MyFile.txt">
</FORM>
</BODY>
</HTML>
But when you open the page expecting to see c:\MyDir\MyFile.txt in the file field, you actually get an empty field.
Well, it's not a bug, it's actually a security feature :). Suppose you could set a value in that field: what would prevent you from accessing practically any file on the computer of someone visiting your site?
All you would need to do is set this field to the path and name of any file on the visitor's computer and submit the form (this can be done by JavaScript without the user even knowing about it).
Hope you didn't try to preset that value for too long before you read this.
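What current browsers do when a page tries to preset the field, as an added example (not code from the original tip). probeFilePreset is a hypothetical helper that works on any DOM document; FileInputModel is a constructed stand-in that follows the HTML Standard's rules for file inputs, so the probe also runs outside a browser.

```javascript
// Try both routes from the tip: VALUE="..." in the markup, and assignment
// from script. In a browser console: probeFilePreset(document, "c:\\MyDir\\MyFile.txt")
function probeFilePreset(doc, path) {
  const input = doc.createElement("input");
  input.type = "file";
  input.setAttribute("value", path);   // same effect as VALUE="..." in the HTML
  const fromMarkup = input.value;      // what the field really holds afterwards
  let scriptError = null;
  try {
    input.value = path;                // the "JavaScript, without the user knowing" route
  } catch (e) {
    scriptError = e.name;
  }
  return { fromMarkup, scriptError, afterScript: input.value, files: input.files.length };
}

// Constructed model of a file input (assumption: HTML Standard "filename" mode).
// The value attribute is stored but never becomes a selected file; only a
// user's own choice in the file dialog fills the file list.
class FileInputModel {
  constructor() { this.type = "text"; this.files = []; this.attrs = {}; }
  setAttribute(name, v) { this.attrs[name] = String(v); }
  get value() {
    // Script never sees the real local path, only a fixed fake prefix.
    return this.files.length ? "C:\\fakepath\\" + this.files[0].name : "";
  }
  set value(v) {
    if (v === "") { this.files = []; return; }   // clearing the field is allowed
    const err = new Error("a file input can only be set to the empty string");
    err.name = "InvalidStateError";
    throw err;
  }
  userPicks(name) { this.files = [{ name }]; }   // stands in for the file dialog
}
const modelDocument = { createElement: () => new FileInputModel() };

// Runs the probe against the model with the path used in the form above.
function demo() {
  return probeFilePreset(modelDocument, "c:\\MyDir\\MyFile.txt");
}
```

Even after the user picks a file, script reads back only C:\fakepath\ plus the file name, so the page never learns the directory layout of the visitor's disk.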