Surfing directory
i have a customer that have upgrade a php script on him account and he can see all the directory but get Permission Denied when try to access on it but if he put a path of a account that is on the server he can see all the files and download it example if he open
http://www.domain.com/directoryscrip...e/public_html/
he can see evrything, how can i stop this? maybe with openbasedir?
<?php $folder = $_GET['folder']; if (!$folder') $folder'=$_SERVER['DOCUMENT_ROOT']; $ClassDir = dir($folder'); echo "path: ".$ClassDir->path."<br>$
<table cellpadding=0 cellspacing=0 border=0 style="font: 11px/18px tahoma,arial;">
<?php
while ($j = $ClassDir->read()) {
if ($folder'!="/") $k = $folder'."/".$j; else $k = "/".$j;
$i++; $ty = filetype($k);
if ($ty=="dir") $text = sprintf("<tr style=\"padding: 0px 5px;\"><td>%03d</td><td>%s</td><td><b>%s</b></td><td>%04o</td><td>%s</td><td>%s</td><td>%d</td><td>$
else
$text = sprintf("<tr style=\"padding: 0px 5px;\"><td>%03d</td><td>%s</td><td><b>%s</b></td><td>%04o</td><td>%s</td><td>%s</td><td>%d</td><td><a href=\"read.p$
echo $text;
}
$ClassDir->close(); ?>
