Home/ Questions/Q 6891153
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-27T06:22:25+00:00

I did the research and couldnt find anything useful I have a problem with

  • 0

I did the research and couldnt find anything useful

I have a problem with phpthumb , 

http://localhost/sandbox/public/PhpThumb/phpThumb.php?src=../../../../../../../../../etc/passwd&w=140px&h=120px&q=100

I need to replace the the ../ proceeding the src. Basically to remove all ../ occrunces. Or to redirect to an error page. I prefer both.

RewriteRule ^(.*)phpThumb\.php?(src)?(=)?(\.\.\/)*$ images/unknown.gif [NC]

I suspect that the above rule which i created is not correct. Please advise.

Thanks in advance.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You cannot do this kind of modification via mod_rewrite like this. It is only concerned with the actual URL, not with GET parameters. You should handle those from within the executed PHP script.

    Other option would be to add a RewriteCond using %{QUERY_STRING} which is (in comparison to RewriteRule) able to work with GET parameters. Then you can use %1, %2, … in the replacement part of your RewriteRule instead of $1, $2, …

    Something like this:

    RewriteCond %{QUERY_STRING} \.\./
RewriteRule phpThumb\.php$ images/unknown.gif [L]
    • 0