i wrote a script to display the HTML code of some of my files            ... but now I want to make sure people can't use the script to look at any file on my page they want. I want to use the get method of passing information so I can make a link like
 http://www.gruckiii.com/ShowCode.php?path=WebLog.php

now the script forces "Files/" to be appended to the begining of the file name. So is this enough to keep people from looking at files in other directories? or is useing the GET method just a terrible idea here?

If it helps this is the code for my show file script
http://www.gruckiii.com/ShowCode.php?path=ShowCode.php

thats kind of ironic isn't it hehe    
 
 [ September 18, 2002, 08:31 AM: Message edited by: gruckiii ]

ok so this is obviously not safe hehe

I will have to rethink how to do this:)
Thanks for your help.

*Edit
I made a cheap fix to the script where I replace any ".."s with a $
Maybe I should not use GET? it would be kind of hard to do this with the POST method though.
 
 [ September 19, 2002, 02:12 PM: Message edited by: gruckiii ]