Posted by Richard Lynch on 05/04/05 03:31
On Sun, May 1, 2005 7:43 pm, Thomas Bonham said:
> <?php
> if(isset($_GET ['page']))
> {include($_GET ['page'].".php");}
So, what happens when I decide to use:
http://bonhamlinux.org?page=secret
If you have a file named secret.php, I just loaded it.
More importantly, I loaded it, but you've never really PLANNED on my
loading it, at least not as a link "target".
So all kinds of PHP code is being executed all out of context, and out of
order, from what you expected.
This is a good way for somebody to poke and peek and trash your site --
Just by executing your code in unexpected order/pre-conditions.
You probably have a limited number of pages you are serving up this way.
Do something like this:
// The only page names that may ever be requested; array_flip turns
// them into keys so the lookup below is a plain isset() on the key.
$valid_pages = array_flip(array('main', 'links', 'contact'));
$page = isset($_GET['page']) ? $_GET['page'] : 'home';
if (isset($valid_pages[$page])) {
    // Only reached for an exact match on an allowed name.
    require "$page.php";
}
else {
    // Anything else (including the default 'home') lands here.
    //maybe log hack attempt here
    require "home.php";
}
Now people can *ONLY* load the pages you expect them to load, not just any
old chunk of PHP you happen to have laying around on your server, whether
you expected them to load it or not.
--
Like Music?
http://l-i-e.com/artists.htm
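The allow-list idea from the reply above, carried one step further as an added example (this is not Richard Lynch's code or Thomas Bonham's): the request string is used only as a key into a fixed map of page names to files, so it never takes part in building a path, and rejected lookups are logged so they can be counted. The pages/ directory and the log_rejected_page() helper are assumptions; the sample requests at the bottom are constructed so the script runs offline.

```php
<?php
// Added example (not from the original post): allow-list page dispatcher.
// Assumed layout: page files live in a hypothetical ./pages/ directory.
declare(strict_types=1);

// Keys are the values accepted in ?page=, values are the files they map to.
// The request string is only ever compared against these keys.
const VALID_PAGES = [
    'home'    => 'home.php',
    'main'    => 'main.php',
    'links'   => 'links.php',
    'contact' => 'contact.php',
];

/**
 * Pick the page file for a request.
 * Returns [filename, accepted]; accepted is false when the requested
 * name was not on the allow-list and the default page was substituted.
 */
function resolve_page(array $query, array $valid = VALID_PAGES, string $default = 'home'): array
{
    if (!isset($query['page'])) {
        return [$valid[$default], true];
    }
    $requested = $query['page'];
    // Exact key lookup only. A non-string (e.g. ?page[]=x) or any name
    // that is not a key is treated the same way: fall back to the default.
    if (is_string($requested) && array_key_exists($requested, $valid)) {
        return [$valid[$requested], true];
    }
    return [$valid[$default], false];
}

// Hypothetical helper: one line per rejected lookup in the error log,
// so unexpected page names can be spotted and counted per client.
function log_rejected_page(mixed $requested, string $remote): void
{
    error_log(sprintf('rejected page=%s from=%s', json_encode($requested), $remote));
}

// Constructed sample requests, exercised offline.
$samples = [
    ['page' => 'main'],         // allowed
    ['page' => 'secret'],       // exists on disk but not allow-listed
    ['page' => 'main.php'],     // extension supplied by the caller: not a key
    ['page' => ['x']],          // ?page[]=x arrives as an array
    [],                         // no page parameter at all
];
foreach ($samples as $q) {
    [$file, $ok] = resolve_page($q);
    if (!$ok) {
        log_rejected_page($q['page'] ?? null, '203.0.113.10'); // constructed client address
    }
    printf("%-12s -> %s%s\n", json_encode($q['page'] ?? null), $file, $ok ? '' : ' (rejected)');
}

// In the real front controller this is the only include that ever runs:
// [$file, $ok] = resolve_page($_GET);
// if (!$ok) { log_rejected_page($_GET['page'] ?? null, $_SERVER['REMOTE_ADDR'] ?? '-'); }
// require __DIR__ . '/pages/' . $file;
```

Because the include path is built from the map's value rather than from anything the client sent, adding a new page means adding one entry to VALID_PAGES; there is no filename or extension check to get wrong later.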