remote-file-inclusion

Would this redirect script open me up for code injection or remote file inclusion?

Recently I ran across a blog article about using PHP scripts to redirect affiliate links. It got me thinking whether this script was safe or not. I've heard that using the $_GET variable can lead to a vulnerability. Any suggestions would be appreciated. Would checking the input for alphanumerics and the hyphen ('-') be enough to guar...

How to Open a Remote Text File using Server.MapPath in ASP.Net?

This is what I have right now for a file residing on the same server and it works. Dim FILENAME as String = Server.MapPath("Output.txt") Dim objStreamWriter as StreamWriter objStreamWriter = File.CreateText(FILENAME) dr = myCommand.ExecuteReader() While dr.Read() objStreamWriter.WriteLine("{0}|{1}|{2:yyyy-MM-dd}|{3:yyyy-MM-dd}", dr(0...

cck remote file (image) field - I want to keep the cached copy of the image when the node is deleted

I use the Remote File module for a cck field displaying a remote image. It works with a known issue: images are reloaded on every edit http://drupal.org/node/395256 And as i do tests with lots of nodes and delete them afterwards, the images cached in filesystem become deleted too. Is there a way to tell filefield(?) not to delete them?...

PHP eval(gzinflate(base64_decode(..))) hack - how to prevent it from occurring again?

We recently had a website hacked, where some PHP code was injected into the index.php file that looked something like: eval (gzinflate(base64_decode('s127ezsS/...bA236UA1'))); The code was causing another php file (cnfg.php) to be included, which was causing some pharmaceutical-related spam to be displayed (but only visible to googleb...