I would like to have a REGEX
to filter/match the QUERY_STRING
whenever it contains parameters like these: php|data|ftp|http|..|/|://
and any other character that can be used for Remote File Inclusion.
Thanks to all for the time.
PS: I know this is better done with htaccess but I need a regex now.
Don't. If that's your security, it's likely to break. Whitelist and/or check for the existence of local files before including/requiring anything. Better yet: don't let anyone have any direct influence on what files you include with outside variables.
If you want to prevent remote file inclusion, you could simply disable the stream wrappers, e.g.
allow_url_include - This option allows the use of URL-aware fopen wrappers with the following functions: include(), include_once(), require(), require_once().
And for any other URL-aware functions, disable
allow_url_fopen - This option enables the URL-aware fopen wrappers that enable accessing URL objects like files.
If you want to check if the query param is a URL, you can use parse_url:
if (parse_url($url) === FALSE) { /* parse_url() could not parse $url */ }
or use the filter_* functions:
if (filter_var($url, FILTER_VALIDATE_URL) === FALSE) { /* $url did not validate as a URL */ }
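The approach the two answers above recommend, as an added example that is not from either answer: the query value is used only as a key into a fixed allowlist, the mapped file must exist locally, and a helper reports whether allow_url_include and allow_url_fopen are off. The page names, the temporary directory and the function names are assumptions made for the demo.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist: query value => file name under the page directory.
const ALLOWED_PAGES = ['home' => 'home.php', 'about' => 'about.php'];

/**
 * Return the absolute path to include for $requested, or null to refuse.
 * The request value is only ever used as an array key, never as a path.
 */
function resolve_page(string $requested, string $baseDir): ?string
{
    if (!array_key_exists($requested, ALLOWED_PAGES)) {
        return null;                       // not on the allowlist
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . ALLOWED_PAGES[$requested]);
    if ($base === false || $path === false) {
        return null;                       // directory or file does not exist locally
    }
    // Defence in depth: the resolved path must still sit inside the base directory.
    return strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) === 0 ? $path : null;
}

/** True when both URL wrapper settings named above are off. */
function url_wrappers_disabled(): bool
{
    $off = static fn (string $k): bool =>
        !filter_var(ini_get($k), FILTER_VALIDATE_BOOLEAN);
    return $off('allow_url_include') && $off('allow_url_fopen');
}

// Constructed demo: a temp directory with one allowed page, and sample query values.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'pages_' . bin2hex(random_bytes(4));
mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'home.php', "<?php echo 'home';\n");

foreach (['home', 'about', 'http://example.com/x.txt', '../../etc/passwd', 'php://input'] as $q) {
    $path = resolve_page($q, $dir);
    printf("%-28s => %s\n", $q, $path === null ? 'refused' : 'include ' . basename($path));
}
printf("URL wrappers disabled: %s\n", url_wrappers_disabled() ? 'yes' : 'no');

unlink($dir . DIRECTORY_SEPARATOR . 'home.php');
rmdir($dir);
```

In the demo, 'about' is on the allowlist but has no file on disk, so it is refused by the local-existence check rather than by the allowlist.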