Secure include($_REQUEST[‘page’])

<?
    $allowed=explode(' ','forside profil produkter sikkerhed service kontakt');

    if (in_array($_REQUEST['p'],$allowed))
    {
        include($_REQUEST['p'].'.inc');
    }
    else
    {
        include($allowed[0].'.inc');
    }
?>


include file.inc as contained in $_REQUEST['p'] (query variable) if `file` are liste in the $allowed array.
Dette indlæg blev udgivet i Apache, Knowledge Base, Old Base, Security. Bogmærk permalinket.

Skriv et svar