[SOLVED] get['view']

[whiteboikyle]

Okay i have a view.php file that has something like

 

<?php
include("header.inc");
if(!$_GET['view']) 
    {
        header("location:index.php");
    }
else
     {
   include($_GET['view']); 
    }

include("footer.inc");

?>

 

So i go to localhost/kazi/view.php?view=aboutus.inc

It shows up like

TEST Test test

 

instead of

TEST

Test

test

 

when its typed like that in the about us

 

 

Well i tried

 

nl2br();

but it wont seem to work on this..

[kenrbnsn]

What's in the file you were including?

 

Please post you code snippets between

tags.

 

Ken

[discomatt]

Also, please review your code. it is VERY dangerous. You are allowing an attacker to parse, execute and view ANY FILE php has access to just by entering it into the title bar

[coder_]

first of all, you have a major security error:

 

localhost/kazi/view.php?view=aboutus.inc

//Do not let user to freely enter the file you want to include. This is exatly you did though url.

 

You could try something like this:

http://www.sebastiansulinski.co.uk/web_design_tutorials/php/php_url_parameter.php

[whiteboikyle]

No i have it secured on other pages..

But what i am trying to do is

aboutus.inc is a plain txt file and what ever is in there shows up on the page..

Well when going to edit it in the user console you have to type html codes for it to break..

but i want it to break on its own when you press enter (new line)

[discomatt]

nl2br();

[whiteboikyle]

I said i have tried that?

[kenrbnsn]

Do:

<?php
echo '<pre>';
include($get['view']);
echo '</pre>';
?>

 

Ken

[whiteboikyle]

Thanks dude that works. easy html i never new.. lol