• Resolved fluokabouter

    (@fluokabouter)


    I’ve added a script to index.php to include other pages easily,
    without having to care about the design.

    When there is a ?x=page and it isn’t index, it’s included; otherwise it just displays the articles.

    My question is: is it safe to use?
    Or can people with bad intentions fuck everything up?

    Thanks.

Viewing 6 replies - 1 through 6 (of 6 total)
  • Unless we know – by examining – the script, there is no way on earth we can answer, is there?

    Thread Starter fluokabouter

    (@fluokabouter)

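    <?php
    // Return true only if the requested page exists as a .php file.
    function checkPage($page) {
        // Check
        if ($page == "index") return false;
        $page .= ".php";
        return file_exists($page);
    }

    // Requested page name from the query string (?x=page)
    $pagina = isset($_GET['x']) ? $_GET['x'] : '';

    if (empty($pagina)) $pagina = "index";

    if (checkPage($pagina)) include($pagina . ".php");
    else {
    ?>
    Normal content //
    <?php } ?>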

    Sorry , here you are 🙂

    Depending on the server setting, a file from an external site could be included and …

    Thread Starter fluokabouter

    (@fluokabouter)

    From an external site?
    Hmm //
    Going to try that

    Thread Starter fluokabouter

    (@fluokabouter)

    Doesn’t work, it’s OK I think =)

    What happens if someone tries to load
    example.com/?x=../../../../../../../etc/passwd

    You should restrict which pages are loadable, by ensuring that any path elements are stripped from the supplied input.

    You should sanitize the user input as much as possible, to restrict what they can open.
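
One way to apply the restriction suggested in the last reply, as an added example that is not part of the original thread. It assumes the includable pages live in a separate `pages/` directory; `PAGES_DIR` and `resolvePage()` are hypothetical names, and the sample inputs are constructed.

```php
<?php
// Added example: hardened page resolver. PAGES_DIR and resolvePage() are
// hypothetical names; the pages/ directory layout is an assumption.
define('PAGES_DIR', __DIR__ . '/pages');

// Map the ?x= value to a file inside $baseDir, or return null.
function resolvePage($name, $baseDir)
{
    // Only accept a plain string; ?x[]=a would arrive as an array.
    if (!is_string($name)) {
        return null;
    }
    // Character allowlist: dots, slashes, backslashes, NUL bytes and
    // URL schemes cannot pass, so the value is a bare file name.
    if (!preg_match('/\A[a-z0-9_-]{1,64}\z/i', $name)) {
        return null;
    }
    if (strtolower($name) === 'index') {
        return null; // same rule as the original checkPage()
    }
    // realpath() returns false for missing files and resolves symlinks;
    // the prefix check confirms the result is still under $baseDir.
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . $name . '.php');
    if ($base === false || $path === false) {
        return null;
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Constructed sample inputs, shown when run from the command line.
if (PHP_SAPI === 'cli') {
    $samples = array('about', 'index', '../../../etc/passwd', 'http://example.com/x', 'a/b');
    foreach ($samples as $s) {
        var_dump($s, resolvePage($s, PAGES_DIR));
    }
    return;
}

$x = isset($_GET['x']) ? $_GET['x'] : 'index';
$page = resolvePage($x, PAGES_DIR);
if ($page !== null) {
    include $page;
} else {
    echo 'Normal content';
}
```

Keeping the includable files in their own directory means a name that passes the allowlist still cannot reach other `.php` files that sit beside `index.php`.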


The topic ‘?x=page’ is closed to new replies.