drh37116 2013-12-03 14:31
浏览 14

包括安全 - 相对和绝对路径

I wanted to know if it is safe to use includes on pages.

I read using allow_url_include is un-safe, I was using it before with absolute paths, but worked out I could bypass the problem with relative paths, but is this really safe?

Also would something like this really work?

   $header= preg_replace('/[^a-zA-Z0-9_]/', '', $_GET['header']);
   include "http://mysite.co.uk/directory/$header.php"; 
  • 写回答

1条回答 默认 最新

  • duanlushen8940 2013-12-03 14:40

    Here's an example that illustrates the concept I made in the comments above.

    $headers = array('loggedin.php','loggedout.php','someotherheader.php', 'etc.php');
    $key     = (int) $_GET['header']; // We know it must be a integer so cast to int
    $header  = $headers[$key];
    include "http://mysite.co.uk/directory/$header"; 

    This can be improved upon by verifying the key exists in the array and if it doesn't defaulting to a default header. You also shouldn't be including files via URL. You should be using the path to the file on disk. It's much faster.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?



    • ¥20 C语言字符串不区分大小写字典排序相关问题
    • ¥15 关于#python#的问题:我希望通过逆向技术爬取1688搜索页下滑加载的数据
    • ¥15 学习C++过程中遇到的问题
    • ¥15 关于Linux的终端里,模拟实现一个带口令保护的屏保程序遇到的输入输出的问题!(语言-c语言)
    • ¥15 学习C++过程中遇到的问题
    • ¥15 请问,这个嵌入式Linux系统怎么分析,crc检验区域在哪
    • ¥15 二分类改为多分类问题
    • ¥15 Unity微信小游戏上调用ReadPixels()方法报错
    • ¥15 如何通过求后验分布求得样本中属于两种物种其中一种的概率?
    • ¥15 q从常量变成sin函数,怎么改写python代码?