Any variable passed by the client cannot EVER be trusted.
In this case - you're letting the client CHOOSE which file they want to upload / replace anywhere in your server, by letting the client set the upload directory via the "dirname" variable.
Guys, if you're gonna post code, think about all the noobs that will take this piece and just throw it on their pages, not knowing how it even works.
Er. Rochak Chauhan - 2007-06-16 05:56:30 - In reply to message 1 from tino tino
Hi Tino
I believe you have not checked the License, it says "Free For Educational Use"
So that means, no one is using this class for production level coding.
Although most of them ask me or modify it on their own to make it a safer, more efficient, production-level piece of code.
But I respect your concern and genuinely appreciate it. Keep it up.
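The issue raised in message 1, a client-chosen "dirname" deciding where an upload lands, is shown here as an added example that is not part of the thread or of the class under discussion. It is written in Python for illustration; the function names, the upload root and the sample requests are all constructed assumptions.

```python
import os
import tempfile


class UploadRejected(Exception):
    """The client-supplied path would land outside the upload root."""


def naive_target(upload_root, dirname, filename):
    # Pattern criticised in the thread: client "dirname" is used as-is.
    # An absolute dirname replaces upload_root; ".." climbs out of it.
    return os.path.normpath(os.path.join(upload_root, dirname, filename))


def safe_target(upload_root, dirname, filename):
    if "\0" in dirname or "\0" in filename:
        raise UploadRejected("NUL byte in path")
    root = os.path.realpath(upload_root)
    # Keep only the last component of the name, whatever separator was sent.
    name = os.path.basename(filename.replace("\\", "/"))
    if name in ("", ".", ".."):
        raise UploadRejected("bad file name")
    # Resolve ".." and symlinks first, then compare against the root.
    candidate = os.path.realpath(os.path.join(root, dirname, name))
    if os.path.commonpath([root, candidate]) != root:
        raise UploadRejected("target outside upload root")
    return candidate


if __name__ == "__main__":
    root = tempfile.mkdtemp(prefix="uploads-")  # constructed upload root
    # Constructed requests: (dirname, filename) as a client might send them.
    for d, f in [("avatars", "me.png"), ("../../srv/app", "index.php"),
                 ("/srv/app", "index.php"), ("avatars", "..\\..\\x.php")]:
        try:
            verdict = safe_target(root, d, f)
        except UploadRejected as exc:
            verdict = f"rejected ({exc})"
        print(f"{d!r}, {f!r}\n  naive: {naive_target(root, d, f)}\n  safe:  {verdict}")
```

The containment check runs after path resolution, so a symlink inside the upload root that points elsewhere is rejected as well.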