
Disallow Directory changes

Improved security for websites using the PHP include. Only includes from the same directory are allowed; any double dots in the name are filtered.

<?php
// First cut out any ".." from the parameter to prevent directory changes

$home = 'start'; // name for homepage
$ext  = '.php';  // set file extension

// Read the parameter; a missing or non-string id counts as empty
$id = (isset($_GET['id']) && is_string($_GET['id'])) ? $_GET['id'] : '';

// str_replace() needs three arguments: search, replacement, subject
$id = str_replace('..', '', $id);

// For empty id, call home page
if ($id == '') { $id = $home; }
$id = $id . $ext;

// Check if file exists
if (file_exists('./' . $id)) {
    include './' . $id;
} else {
    // page not found -> show homepage
    include './' . $home . $ext;
}
?>
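
The filter above removes `..` but still accepts slashes, so files in subdirectories stay reachable; a stricter variant rejects any id outside an allowlist and confirms that the resolved file sits directly in the page directory. This is an added example, not code from the original page; `resolve_page()`, the 64-character limit and the sample ids are assumptions made for the illustration.

```php
<?php
// Added example, not the original author's code. resolve_page() and the
// sample ids below are hypothetical names chosen for this illustration.

/**
 * Map a request parameter to a file directly inside $baseDir, or to the
 * home page. Rejects bad input instead of rewriting it.
 */
function resolve_page($requested, $baseDir, $home = 'start', $ext = '.php')
{
    $fallback = $baseDir . DIRECTORY_SEPARATOR . $home . $ext;

    // Arrays (?id[]=x), empty values and anything outside [A-Za-z0-9_-]
    // (dots, slashes, backslashes, NUL bytes, colons) fall back to home.
    if (!is_string($requested) || !preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $requested)) {
        return $fallback;
    }

    // Defence in depth: resolve symlinks and confirm that the parent
    // directory of the target really is $baseDir.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $requested . $ext);
    if ($base === false || $path === false || dirname($path) !== $base || !is_file($path)) {
        return $fallback;
    }
    return $path;
}

// In a page script (assumed usage):
//   include resolve_page(isset($_GET['id']) ? $_GET['id'] : '', __DIR__);

// Constructed demo: a temporary page directory with two pages.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'pages_' . uniqid();
mkdir($dir);
file_put_contents($dir . '/start.php', 'home');
file_put_contents($dir . '/about.php', 'about');

// Constructed sample ids: one valid page, then inputs that must fall back.
foreach (array('about', '', 'sub/about', '../about', 'missing', array('x')) as $id) {
    $label = is_array($id) ? '(array)' : "'" . $id . "'";
    echo str_pad($label, 14), ' -> ', basename(resolve_page($id, $dir)), "\n";
}

// Remove the demo files again.
unlink($dir . '/start.php');
unlink($dir . '/about.php');
rmdir($dir);
```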
 
code/php/snipplets/prevent_pwd_change.txt · Last modified: 2010/02/09 21:56 by Manuel Krischer