If they went to that, then they could delete that page.... How can i make it so that IF they have come from the file, file_list.php they can click on the button in that page that runs the link, but IF they just go directley to that address then it displays an error message... im guessing it would be using sessions?
Hi! I just went to your site and told that file to delete itself which it happily did. I hope you realise I've done you a massive favour here. Someone could have used that to delete your entire website. That is the second most insecure thing I have ever seen on this board. The award for the most insecure ever has to go to sheepo-designs for this clanger in his code: ($variable)?require($variable):null;
Reply With Quote
Bookmarks