PhpDig.net - View Single Post - Security update breaks sites that call the search function from another directory

ZAP · 01-19-2004, 04:22 PM

Just a quick tip:

If you're having trouble figuring out the correct value to add for your $relative_script_path (as I was), you can first change the security patch code to the following:

// prevent remote command execution
if ((isset($relative_script_path)) &&
($relative_script_path != ".") &&
($relative_script_path != "..")) {
echo $relative_script_path; exit();
}

Do a search and you will see what the proper path should be. Then IMMEDIATELY delete the "echo $relative_script_path;" and add your custom path to the IF statement as explained above. Only do this if you're having trouble getting phpDig to work after you add this security patch and you're not sure what your $relative_script_path is.

In my case, I had installed phpDig so long ago that I no longer remembered what I'd customized...

01-19-2004, 04:22 PM	#3
ZAP Green Mole Join Date: Nov 2003 Posts: 7	Just a quick tip: If you're having trouble figuring out the correct value to add for your $relative_script_path (as I was), you can first change the security patch code to the following: // prevent remote command execution if ((isset($relative_script_path)) && ($relative_script_path != ".") && ($relative_script_path != "..")) { echo $relative_script_path; exit(); } Do a search and you will see what the proper path should be. Then IMMEDIATELY delete the "echo $relative_script_path;" and add your custom path to the IF statement as explained above. Only do this if you're having trouble getting phpDig to work after you add this security patch and you're not sure what your $relative_script_path is. In my case, I had installed phpDig so long ago that I no longer remembered what I'd customized...