Title: ?x=page
Last modified: August 18, 2016

---

# ?x=page

 *  Resolved [fluokabouter](https://wordpress.org/support/users/fluokabouter/)
 * (@fluokabouter)
 * [20 years, 9 months ago](https://wordpress.org/support/topic/xpage/)
 * I’ve added to index.php a script to include other pages easily .
    Without I’ve
   to care about the design .
 * When there is a ?x=page and it isn’t index it’s included and else it just displays
   the articles .
 * My question is : Is it save to use ?
    Or can people with bad intensions fuck 
   everything up ?
 * Thanks .

Viewing 6 replies - 1 through 6 (of 6 total)

 *  [Mark (podz)](https://wordpress.org/support/users/podz/)
 * (@podz)
 * [20 years, 9 months ago](https://wordpress.org/support/topic/xpage/#post-241285)
 * Unless we know – by examining – the script, there is no way on earth we can answer
   is there ?
 *  Thread Starter [fluokabouter](https://wordpress.org/support/users/fluokabouter/)
 * (@fluokabouter)
 * [20 years, 9 months ago](https://wordpress.org/support/topic/xpage/#post-241295)
 * <?
    function checkPage($page) { //Controle if($page==”index”) return false; $
   page.=”.php”; return file_exists($page); }
 * $pagina=$_GET[‘x’];
 * if(!isset($pagina) || empty($pagina)) $pagina=”index”;
 * if(checkPage($pagina)) include($pagina.”.php”);
    else{ ?> Normal content // <?}?
   >
 * Sorry , here you are 🙂
 *  [Joshua Sigar](https://wordpress.org/support/users/alphaoide/)
 * (@alphaoide)
 * [20 years, 9 months ago](https://wordpress.org/support/topic/xpage/#post-241299)
 * Depending on the server setting, a file from external site could be included 
   and …
 *  Thread Starter [fluokabouter](https://wordpress.org/support/users/fluokabouter/)
 * (@fluokabouter)
 * [20 years, 9 months ago](https://wordpress.org/support/topic/xpage/#post-241332)
 * from an external site ?
    Hmm // Going to try that
 *  Thread Starter [fluokabouter](https://wordpress.org/support/users/fluokabouter/)
 * (@fluokabouter)
 * [20 years, 9 months ago](https://wordpress.org/support/topic/xpage/#post-241358)
 * doesn’t work , it’s ok I think =)
 *  [skippy](https://wordpress.org/support/users/skippy/)
 * (@skippy)
 * [20 years, 9 months ago](https://wordpress.org/support/topic/xpage/#post-241359)
 * What happens if someone tries to load
    `example.com/?x=../../../../../../../etc/
   passwd`
 * You should restrict which pages are loadable, by ensuring that any path elements
   are stripped from the supplied input.
 * You should sanitize the user input as much as possible, to restrict what they
   can open.

Viewing 6 replies - 1 through 6 (of 6 total)

The topic ‘?x=page’ is closed to new replies.

 * 6 replies
 * 4 participants
 * Last reply from: [skippy](https://wordpress.org/support/users/skippy/)
 * Last activity: [20 years, 9 months ago](https://wordpress.org/support/topic/xpage/#post-241359)
 * Status: resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics