
Simple security question: PHP Includes

Developer https://www.devze.com 2022-12-19 06:05 Source: Internet

My sample index.php

include 'class.php';
$x = new class;
include $_GET['page'].'.php'; //checks if isset file_exists and in_array of valid file names before including;

I want to make sure the page being included can't be accessed directly. Below are some examples of code I'm placing on the first line of code on the files that are being included within index.php.

I've tried: (if not being included within index.php die)

if($_SERVER['SCRIPT_NAME']!='/index.php') die;

and (if the class that's defined in the index is not set die);

if(!isset($x)) die;

What's your favorite way to make pages being included within php inaccessible when viewed directly?


define() and defined().

Or just put them outside of the document root.
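
The define()/defined() guard suggested in the answer above, combined with the allow-list check the question mentions, as an added example that is not part of the original thread. The constant name IN_APP, the PAGE_DIR location and the page names are assumptions; the page file is constructed by the script so that it runs stand-alone.

```php
<?php
declare(strict_types=1);

// index.php: the only entry point. IN_APP and PAGE_DIR are assumed names.
define('IN_APP', true); // marker that only the entry point sets
// Pages live outside the document root (temp dir here, for the demo only).
define('PAGE_DIR', sys_get_temp_dir() . '/include_demo_pages');
const ALLOWED_PAGES = ['home', 'about'];

/** Map a request parameter to a file path, or null if it is not allow-listed. */
function resolve_page($requested): ?string
{
    // Strict comparison: arrays, null and type-juggled values never match,
    // and nothing from the request is concatenated into a path unchecked.
    if (!is_string($requested) || !in_array($requested, ALLOWED_PAGES, true)) {
        return null;
    }
    $path = PAGE_DIR . '/' . $requested . '.php';
    return is_file($path) ? $path : null;
}

// Constructed page file so the example runs on its own. Its first statement
// is the guard that every included file would carry.
if (!is_dir(PAGE_DIR)) {
    mkdir(PAGE_DIR, 0700);
}
file_put_contents(PAGE_DIR . '/about.php', <<<'PHP'
<?php
if (!defined('IN_APP')) {   // requested directly: the constant was never set
    http_response_code(403);
    exit;
}
echo "about page\n";
PHP);

$page = resolve_page($_GET['page'] ?? 'about');
if ($page === null) {
    http_response_code(404);
    exit("Not found\n");
}
include $page;
```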


if($_SERVER['SCRIPT_FILENAME'] == __FILE__) {
    die("Go Away");
}

Sorry, updated it to be right.
