whiteboikyle Posted April 1, 2008 Share Posted April 1, 2008 Okay i have a view.php file that has something like <?php include("header.inc"); if(!$_GET['view']) { header("location:index.php"); } else { include($_GET['view']); } include("footer.inc"); ?> So i go to localhost/kazi/view.php?view=aboutus.inc It shows up like TEST Test test instead of TEST Test test when its typed like that in the about us Well i tried nl2br(); but it wont seem to work on this.. Quote Link to comment Share on other sites More sharing options...
kenrbnsn Posted April 1, 2008 Share Posted April 1, 2008 What's in the file you were including? Please post you code snippets between tags. Ken Quote Link to comment Share on other sites More sharing options...
discomatt Posted April 1, 2008 Share Posted April 1, 2008 Also, please review your code. it is VERY dangerous. You are allowing an attacker to parse, execute and view ANY FILE php has access to just by entering it into the title bar Quote Link to comment Share on other sites More sharing options...
coder_ Posted April 1, 2008 Share Posted April 1, 2008 first of all, you have a major security error: localhost/kazi/view.php?view=aboutus.inc //Do not let user to freely enter the file you want to include. This is exatly you did though url. You could try something like this: http://www.sebastiansulinski.co.uk/web_design_tutorials/php/php_url_parameter.php Quote Link to comment Share on other sites More sharing options...
whiteboikyle Posted April 1, 2008 Author Share Posted April 1, 2008 No i have it secured on other pages.. But what i am trying to do is aboutus.inc is a plain txt file and what ever is in there shows up on the page.. Well when going to edit it in the user console you have to type html codes for it to break.. but i want it to break on its own when you press enter (new line) Quote Link to comment Share on other sites More sharing options...
discomatt Posted April 1, 2008 Share Posted April 1, 2008 nl2br(); Quote Link to comment Share on other sites More sharing options...
whiteboikyle Posted April 1, 2008 Author Share Posted April 1, 2008 I said i have tried that? Quote Link to comment Share on other sites More sharing options...
kenrbnsn Posted April 1, 2008 Share Posted April 1, 2008 Do: <?php echo '<pre>'; include($get['view']); echo '</pre>'; ?> Ken Quote Link to comment Share on other sites More sharing options...
whiteboikyle Posted April 1, 2008 Author Share Posted April 1, 2008 Thanks dude that works. easy html i never new.. lol Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.