PHP :: Bug #15852 :: Displaying the file system

Bug #15852	Displaying the file system
Submitted:	2002-03-03 20:54 UTC	Modified:	2002-03-04 02:25 UTC
From:	webmaster at editgroup dot com dot au	Assigned:
Status:	Not a bug	Package:	Directory function related
PHP Version:	4.1.2	OS:	Win2K
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	webmaster at editgroup dot com dot au
New email:
PHP Version:		OS:

New Comment:

[2002-03-03 20:54 UTC] webmaster at editgroup dot com dot au

A client has posted us the following code, after being able to view to complete filesystem on a Windows 2000 server we resell space on:

----------------------------------------------------
<? 
// get directory handle 
$hook = dir("c:winnt"); 

// display location 
echo "<b>Current path is $hook->path</b><br>"; 

// read directory and echo list 
while ($file=$hook->read()) 
{ 
if ($file != "." && $file != "..") 
{ 
echo "$file<br>"; 
} 
} 

// close directory 
$hook->close(); 
?> 
----------------------------------------------------

Is there anyway to protect against this, and does it represent a security flaw?

Thanks

Gary

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2002-03-04 02:25 UTC] mfischer@php.net

The bug system is not the appropriate forum for asking support
questions. For a list of a range of more appropriate places to ask
for help using PHP, please visit http://www.php.net/support.php

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Sat Nov 29 03:00:01 2025 UTC