Jump to content

Suggestion. Need some help


Mod-Jay
 Share

Recommended Posts

Hello, i Want the following code and the Variable $page To load a file in a folder. And get all of its contents. How would i do this?

 

<?php
$page = "{$_GET['page']}";

if(md5($_GET['page'] == '')) {  

}
?>

Link to comment
Share on other sites

No purpose to having md5 as I can see, assuming you mean include a php file based on $_get["page"]....

 

$page = $_GET["page"];

// Includes whatever page they want, totally insecure!
// Could send a GET request with page = http://mysite.com/totalhackz0rscript.php
include($page);

// So we'll use whitelisting

$acceptablePages = array(
"page1.php",
"page2.php",
"page3.php");

if (in_array($_GET["page"], $acceptablePages))
{
include($_GET["page"]);
} else {
exit("The page you requested is not allowed."):
}


Link to comment
Share on other sites

This thread is more than a year old.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.