[ic] Re: [include pages/[mv_arg] ]

Rene Hertell interchange-users@icdevgroup.org
Fri Sep 6 05:09:03 2002


> You should be more security aware !! The user can view any file
> in your catalog tree with the above code, e.g
> mv_arg=../products/access.asc

True, I did not think of that. But luckily this variable is not viewable in
the URL, because I use it in a redirecting actionmap (and the variable is
named something else as in my question :)

This is also a temporary solution. I had to find out a fast way in
converting an old site into a "Powered by Interchange" site. Later on I'll
add that included-stuff into a db.