radian Posted February 16, 2009

Can anyone help me with the code below? Would it be possible to stop directory traversals and only allow page requests from the pages directory? So e.g. a user won't be able to change directory into the admin folder.

```php
<?php
// Read the requested page name; fall back to an empty string when ?p= is absent.
$p = isset($_GET['p']) ? $_GET['p'] : '';

// Accept the name only if it is non-empty, contains no dot, and the file exists under ./pages/.
if ( !empty($p) && file_exists('./pages/' . $p . '.php') && stristr( $p, '.' ) == False ) {
    $file = './pages/' . $p . '.php';
} else {
    $file = './pages/default.php';
}

include $file;
?>
```

marcus Posted February 16, 2009

You could just use an array

```php
$pages = array('goat','cheese','narnia','etc');
if(in_array($p,$pages)){
....
```

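The allowlist approach from the reply above, written out as an added example (not code from either poster). `resolve_page()` is a hypothetical helper, the `./pages/` directory and page names come from the thread, and the sample request values are constructed.

```php
<?php
// Added example, not code from the thread. resolve_page() is a hypothetical helper.

const PAGES_DIR    = './pages/';   // directory used in the question
const DEFAULT_PAGE = 'default';    // fallback page used in the question

/**
 * Map a raw request value onto a file inside PAGES_DIR.
 * Only names listed in $allowed are ever used to build a path,
 * so the request value itself never reaches include.
 */
function resolve_page($requested, array $allowed)
{
    // ?p[]=x arrives as an array; anything that is not a string gets the default page.
    if (!is_string($requested)) {
        return PAGES_DIR . DEFAULT_PAGE . '.php';
    }
    // Third argument true = strict comparison, no type juggling.
    $index = array_search($requested, $allowed, true);
    if ($index === false) {
        return PAGES_DIR . DEFAULT_PAGE . '.php';
    }
    // Build the path from the allowlist entry, not from the request value.
    return PAGES_DIR . $allowed[$index] . '.php';
}

// Page names from the reply above (its 'etc' placeholder is left out).
$pages = array('goat', 'cheese', 'narnia');

// Constructed request values: valid names, wrong case, a traversal attempt, wrong types.
$samples = array('goat', 'narnia', '', 'GOAT', '../admin/index', 'goat.php', array('goat'), null);
foreach ($samples as $sample) {
    printf("%-20s => %s\n", json_encode($sample, JSON_UNESCAPED_SLASHES), resolve_page($sample, $pages));
}

// In the page itself the call would be:
//   $p = isset($_GET['p']) ? $_GET['p'] : null;
//   include resolve_page($p, $pages);
```

Because the path is built from the allowlist entry rather than from `$_GET['p']`, a request value can select a page but can never contribute characters to the included path.
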
radian (Author) Posted February 16, 2009

Now why didn't I think of that. Thanks Very Much!

Radian