#4 & madness

open
nobody
None
5
2007-07-18
2007-07-18
Anonymous
No

If a file or directory name contains an ampersand (&), you cannot do anything with it, as the browser catches it.

Discussion

  • f13o
    f13o
    2010-03-04

    I made a little patch to solve this issue... Very simple....

    Index: html/dir.php

    --- html/dir.php (revision 125)
    +++ html/dir.php (working copy)
    @@ -269,7 +269,7 @@

    if(!isset($dir)) $dir = "";

    -if (!file_exists($cfg["path"].$dir))
    +if (!file_exists($cfg["path"].addcslashes($dir)))
    {
    echo "<strong>".htmlentities($dir)."</strong> could not be found or is not valid.";
    }