...

View Full Version : need help making include section more secure



runnerjp
04-07-2008, 05:12 PM
hey guys

i use this

Code:


<?php
if (isset($_GET['section'])) {
$section = $_GET['section'];
} else {
$section = 'main';
}
$file = "include/".$section.".php";
if (file_exists($file)) {
require($file);
}
?>


but i dnt seem to think its secure lol

jaap
04-07-2008, 07:44 PM
Try this:

Add the following to your files:

<?php
if (isset($_GET['section'])) {
$section = $_GET['section'];
} else {
$section = 'main';
}
$file = "include/".$section.".php";

// now, add this:
define('IN_MY_CUSTOM_CMS',true);

if (file_exists($file)) {
require($file);
}
?>
.. and in the file you want to include:


<?php
if(!defined('IN_MY_CUSTOM_CMS')){
echo 'hack attempt';
exit(0);
}
?>




You could also create an array with allowed files and check if your filename is in that.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum