Reply to Re: Include with variables - why does this work ?

Posted by Robin on 01/12/07 16:16

TMN wrote:
> Toby Inkster wrote:
>> TMN wrote:
>>
>>> The include works and finds 'displayIncidents.php' instead of trying
>>> to find 'displayIncidents.php&delete=true' - is this because I used
>>> urlencode ?
>> PHP takes a query string, e.g. the part after the question mark in:
>>
>> http://example.net/foo.php?a=1&b=2&c=3
>>
>> and splits it up using ampersands (although it can be configured to
>> use different characters instead/as well) like this:
>>
>> a=1
>> b=2
>> c=3
>>
>> and then uses these to populate a global array called $_GET, such that:
>>
>> $_GET['a'] = 1;
>> $_GET['b'] = 2;
>> $_GET['c'] = 3;
>>
>> This $_GET array can now be accessed by "foo.php" and used as it likes.
>> (foo.php is also able to access the raw, unprocessed query string, but
>> this is not usually very useful.)
>>
>> In your example, statistics.php sees:
>>
>> $_GET['fileName'] = 'displayIncidents.php';
>> $_GET['delete'] = 'true';
>>
>> so the following code:
>>
>> $file=$_GET['fileName'];
>> echo "Requested File is: ".$file;
>> include($file);
>>
>> works.
>>
>> --
>> Toby A Inkster BSc (Hons) ARCS
>> Contact Me ~ http://tobyinkster.co.uk/contact
>
>
> Thanks again that is a very clear explanation...
>
> Tim
> South Africa
>

As no one else has pointed it out (though it should be obvious)...

Doing include($file) without any validation of $file would be a big bad
security hole.

Robin
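
An added example, not part of the original thread: one way to validate `fileName` before the `include` that Robin's reply warns about. It treats the request value only as a lookup key into a fixed allowlist, so nothing from the query string ever reaches `include` directly. The `pages/` directory, the second file name and the `resolve_include()` helper are assumptions made for illustration.

```php
<?php
// Added example: allowlist check for the fileName parameter of statistics.php.
// ALLOWED_FILES, the pages/ directory and resolve_include() are hypothetical.

const ALLOWED_FILES = [
    'displayIncidents.php',
    'displaySummary.php',   // assumed second page, not from the thread
];

/**
 * Return the absolute path of the file to include, or null when the
 * request does not name an allowlisted file inside $baseDir.
 */
function resolve_include(array $query, string $baseDir): ?string
{
    $name = $query['fileName'] ?? null;

    // $_GET values can be arrays (fileName[]=x), so require a plain string
    // and an exact, type-strict match against the allowlist.
    if (!is_string($name) || !in_array($name, ALLOWED_FILES, true)) {
        return null;
    }

    // Defence in depth: resolve symlinks and confirm the result still
    // sits under the base directory before it is handed to include.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $path === false) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

$target = resolve_include($_GET, __DIR__ . '/pages');
if ($target === null) {
    http_response_code(404);
    exit('Unknown page');
}

// Escape before echoing; the original snippet printed the raw value.
echo 'Requested File is: ' . htmlspecialchars(basename($target), ENT_QUOTES, 'UTF-8');
include $target;
```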
