Hej,
Jeg er ved at lave en directory listing men jeg har nogle problemer.
For at gøre den sikker bruger jeg fjerner jeg "/", ".", "../" og "./" fra
$dir.
Scriptet virker helt fint.
Der er bare det problem at jeg ikke kan "dir up". Altså gå til parent dir.
Det er naturligvis pga. den sikkerhedsanordning jeg beskriver ovenfor.
Hvordan kan jeg nu gøre sådan at jeg kan "komme tilbage" til diret ovenfor?
Sourcen er vedhæftet herudner:
---
<HTML>
<HEAD>
<?
$directory = $_REQUEST["dir"]; // lets fetch the variable: REQUEST works for
both, POST and GET methods
if (substr($directory, 0, 1) == "/")
$directory = "";
$directory = str_replace ("./", "", $directory);
$directory = str_replace (".", "", $directory);
if($directory=="dirup") $directory="../";
?>
<TITLE><?=$directory?></TITLE>
</HEAD>
<BODY>
<TABLE cellspacing="0">
<TR>
<TH>Name:</TH>
<TH>Type:</TH>
<TH>Size:</TH>
<TH>Date:</TH>
</TR>
<TR>
<TD><A href="dir.php?dir=<?=$directory?>/../">../ (up)</A></TD>
<TD></TD>
<TD></TD>
<TD></TD>
</TR>
<?
if ($directory != @$null)
{ // lets check if the variable "dir" has something in it, otherwise lets
just print out the empty document
if ($dir = @opendir($directory))
{ // changed "./" to the directory variable
echo ("Listing contents of <b>$directory</b><BR>\n"); // i just
added this thing
while (($file = readdir($dir)) !== false)
{
if ($file != "." && $file != "..")
{
$location = "$directory/$file";
$type = filetype($location);
$size = filesize($location);
if (is_dir($location) == true)
{
?>
<TR>
<TD><a href="dir.php?dir=<?=$location?>"><?=$file?></a></TD>
<TD><?=$type?></TD>
<TD><?=$size?></TD>
<TD></TD>
</TR>
<?
}
else
{
?>
<TR>
<TD><a href="<?=$location?>"><?=$file?></a></TD>
<TD><?=$type?></TD>
<TD><?=$size?></TD>
<TD></TD>
</TR>
<?
}
}
}
closedir($dir);
}
}
?>
</TABLE>
<A href="
http://files.peps.dk">files.peps.dk
</BODY>
</HTML>
---
Mvh
Thomas