我有一种情况,我打开一个基于$ _SERVER ['REMOTE_USER']变量的文件.我认为这不是恶搞,但我想确认一下.我不想让自己容易阅读任意文件:
<? $user = $_SERVER['REMOTE_USER']; $fp = fopen("./$user.png","r"); ?>
php security cgi
cgi ×1
php ×1
security ×1