Posted by Rik on 08/16/07 15:57
On Thu, 16 Aug 2007 17:48:15 +0200, Ulf Kadner <dr_logic@gmx.net> wrote:
> Heikki wrote:
>> first. sorry about bad English.
>
> me 2
I'm more annoyed at the multiposting than the bad English :P
>
>> my index.php has link-menu in a right side, that opens something.php
>> next to the menu.
>> something.php has a link link-menu at the top of the page that should
>> open stuff.php under this last menu.
>> the problem is that stuff.php opens to the place of something.php. so
>> the top link-menu disappears.
>>
>> $sivut = array('something');
>> if (in_array($_GET['sivu'], $sivut)) {
>> include ($_GET['sivu'] . '.php');
>
> This is not an answer to your asked problem but an answer to another
> problem.
>
> Can you give me the URL of your script? Why? I'm bad! ;-) What you are
> doing here may make it easy to hack your site/server.
>
> "Examine everything, trust nobody!"
>
> Example:
>
> If I call your script as follows:
> ?sivu=http://example.com/mybad-script
>
> It will include and *run* my file http://example.com/mybad-script.php if
> it is delivered as text/plain with usable PHP code. So I can do everything.
That's what his/hers? in_array() statement is for, it is actually filtering
on preapproved values, so the OP is OK.
There is something inherently wrong in how he is doing it/what he is
expecting, if I have the time I'll post a proposal later, busy now :)
-- 
Rik Wasmus
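
The allowlist check discussed in this thread, as an added example that is not part of the original posts: it runs the quoted `?sivu=` value and a few other constructed inputs through an `in_array()` gate before any path is built. `PAGES`, `PAGE_DIR` and `resolve_page()` are hypothetical names, and the `pages` directory is an assumption.

```php
<?php
// Added example: allowlist-gated include, modelled on the $sivut check in the thread.
// PAGES, PAGE_DIR and resolve_page() are hypothetical names, not the OP's code.

const PAGE_DIR = __DIR__ . '/pages';     // assumed directory holding the includable files
const PAGES    = ['something', 'stuff']; // preapproved values, like $sivut

/**
 * Return the file to include for a request value, or null if it is not approved.
 */
function resolve_page($requested): ?string
{
    // ?sivu[]=x turns $_GET['sivu'] into an array; accept strings only.
    if (!is_string($requested)) {
        return null;
    }
    // Strict comparison: the value must be exactly one of the approved strings.
    if (!in_array($requested, PAGES, true)) {
        return null;
    }
    // The path is built only from a value that passed the allowlist.
    return PAGE_DIR . '/' . $requested . '.php';
}

// Constructed sample inputs, including the value quoted in the thread.
$samples = [
    'something',
    'http://example.com/mybad-script',
    '../something',
    ['something'],
    null,
];

foreach ($samples as $value) {
    $file = resolve_page($value);
    printf("%-40s => %s\n", json_encode($value, JSON_UNESCAPED_SLASHES), $file ?? 'rejected');
}

// In index.php the result would be used like this:
// $file = resolve_page($_GET['sivu'] ?? null);
// if ($file !== null) { include $file; }
```

Only `'something'` resolves to a path; the URL, the traversal string, the array and the missing parameter are all rejected before `include` is reached.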