Guffi Posted January 24, 2007 Share Posted January 24, 2007 HiThe PHP code is like this in the index-file:include($id);How can I secure it, so $id does not contaion an external link (which could do some harm)I have tried this: if (stristr($id, 'http') == TRUE) { exit("Hacking - STOP!!"); }But this test only work in my brower and does NOT stop from phishing :-(Can someone please help me out here !!?? Link to comment https://forums.phpfreaks.com/topic/35567-securing-the-include-again-external-url/ Share on other sites More sharing options...
trq Posted January 24, 2007 Share Posted January 24, 2007 [code]<?php if (file_exists($id)) { include $id; }?>[/code] Link to comment https://forums.phpfreaks.com/topic/35567-securing-the-include-again-external-url/#findComment-168437 Share on other sites More sharing options...
utexas_pjm Posted January 24, 2007 Share Posted January 24, 2007 [code]$validIncludes = ('modFoo.php', 'modBar.php');if (in_array($id, $validIncludes)) { include $id;}[/code]Best,Patrick Link to comment https://forums.phpfreaks.com/topic/35567-securing-the-include-again-external-url/#findComment-168443 Share on other sites More sharing options...
trq Posted January 24, 2007 Share Posted January 24, 2007 Actually, thinking about it, my code would break if url wrappers are on, sorry. Link to comment https://forums.phpfreaks.com/topic/35567-securing-the-include-again-external-url/#findComment-168471 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.