Leaderboard
Popular Content
Showing content with the highest reputation on 06/13/2024 in all areas
-
also, don't use the actual filename in the download link, as this will allow directory traversal, with the current download.php code, to be used to download any file off of the server, such as your database connection credentials. instead, use an id in the link, then in the download.php code, query to find the actual filename, if any, based on the id. it's an error if the submitted id doesn't match a row of data or if there's no defined file for that id.1 point
-
You don't have a filename for any of those files. Is there supposed to be a filename for all of those files? If so then you need to fix that. If not then you need to change your code so that it doesn't try to show a download button if there is no file to download.1 point
This leaderboard is set to New York/GMT-05:00