need help making include section more secure [Archive]

runnerjp

04-07-2008, 05:12 PM

hey guys

i use this

Code:

<?php
if (isset($_GET['section'])) {
$section = $_GET['section'];
} else {
$section = 'main';
}
$file = "include/".$section.".php";
if (file_exists($file)) {
require($file);
}
?>

but i dnt seem to think its secure lol

jaap

04-07-2008, 07:44 PM

Try this:

Add the following to your files:
<?php
if (isset($_GET['section'])) {
$section = $_GET['section'];
} else {
$section = 'main';
}
$file = "include/".$section.".php";

// now, add this:
define('IN_MY_CUSTOM_CMS',true);

if (file_exists($file)) {
require($file);
}
?>
.. and in the file you want to include:

<?php
if(!defined('IN_MY_CUSTOM_CMS')){
echo 'hack attempt';
exit(0);
}
?>

You could also create an array with allowed files and check if your filename is in that.