
file_exists with reserved filenames bug

开发者 https://www.devze.com 2023-03-02 13:08 Source: Internet

Ok here's my code

        $ref = $_GET['ref'];
        if (file_exists('views/'.$ref.'.php')) {
            $this->prepare($ref);
        }
        elseif (!file_exists('views/'.$ref.'.php')) {
            echo 'Page you are requesting doesn´t exist';
        }

I'm currently having issues: if users try to do ?ref=con or ?ref=com1 etc., file_exists will always return true. Is there a workaround for this?


Probably because those files actually exist. I'd be more worried about the potential for abuse. You should filter your inputs.

Also the elseif is unnecessary. else would suffice just fine.


Please try using: is_file http://php.net/manual/en/function.is-file.php
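The two answers above (filter the input, and check with is_file) can be combined by resolving `ref` against an allowlist built from the directory listing, so a request value is never handed to the filesystem. This is an added example, not code from the original thread; `listViews()`, `resolveView()` and the temporary directory with its two pages are hypothetical names and constructed sample data.

```php
<?php
declare(strict_types=1);

// Added example. listViews() and resolveView() are hypothetical helpers,
// not functions from the original post.

// Build the allowlist from the directory listing. Device names such as CON
// or COM1 never appear in a listing, so they cannot enter the map.
function listViews(string $viewsDir): array
{
    $views = [];
    foreach (glob(rtrim($viewsDir, '/\\') . '/*.php') ?: [] as $path) {
        if (is_file($path)) {                       // regular files only
            $views[basename($path, '.php')] = $path;
        }
    }
    return $views;
}

// Map a request value to a view path, or null if it is not an allowed view.
function resolveView(string $ref, array $views): ?string
{
    // Letters, digits, underscore, hyphen: no dots, slashes or NUL bytes.
    if (preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $ref) !== 1) {
        return null;
    }
    // Defence in depth: reject Windows reserved device names outright.
    if (preg_match('/\A(?:con|prn|aux|nul|com\d|lpt\d)\z/i', $ref) === 1) {
        return null;
    }
    return $views[$ref] ?? null;
}

// Constructed sample data: a temporary views directory with two pages.
$dir = sys_get_temp_dir() . '/views_demo_' . bin2hex(random_bytes(4));
mkdir($dir);
file_put_contents("$dir/home.php", '<?php echo "home";');
file_put_contents("$dir/about.php", '<?php echo "about";');

$views = listViews($dir);
foreach (['home', 'con', 'COM1', '../home', 'missing'] as $ref) {
    $path = resolveView($ref, $views);
    printf("%-8s => %s\n", $ref, $path === null ? 'rejected' : basename($path));
}

array_map('unlink', glob("$dir/*.php"));
rmdir($dir);
```

In the question's controller, confirm that `$_GET['ref']` is a string before passing it in, since a request such as `?ref[]=x` produces an array.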
