I been using this php dynamic include code on my site. But I think it not safe, how can write safer and better code to replace this:
$page = (empty($_GET['page'])) ? '' : $_GET['page'].".html";
if (empty($page))
{
$page = 'index.html';
}
else
{
$page = $page;
}
include($page);
Thank you very much
分享 You can define some sort of whitelist to determine what files are allowed to be included in this fashion and check that list before doing the include.
Another way would be to only allow includes within a certain directory (or child directories) and verify that the requested files are within that directory.
分享
