PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
I recently scanned my website for vulnerabilities. I came up with two huge ones: Blind SQL/XPath injection for numeric inputs and Directory traversal (Unix).
<?php
require_once "config.inc.php";
require_once "includes/init.inc.php";
require "includes/filter.inc.php";

// TODO: Remove these completely
include ('modules/functions.php');
include ('skin/header.php');
include ('skin/side.php');

// TODO: Move or improve this
// The page name comes straight from the query string and is only checked
// with file_exists() before being included.
if (isset($_GET['act'])) {
    $page = $_GET['act'];
    if (file_exists('pages/'.$page.'.php')) {
        include ('pages/'.$page.'.php');
        $cc = 'nothing';
    } else {
        include ('pages/index.php');
        $cc = 'home';
    }
} else {
    include ('pages/index.php');
}

// TODO: Remove these completely
include ('skin/right-side.php');
include ('skin/footer.php');
include ('skin/map.php');
?>
I am new to PHP and am wondering how to fix it. Thanks.
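One way to close the traversal in the act= router, as an added example rather than the poster's code: check the shape of the name first, then accept only names from a fixed allow-list, so file_exists() is no longer the only guard. The page names in the list and the resolve_page() helper are assumptions for this example.

```php
<?php
// Added example (not the poster's code): the act= router rewritten so that
// the page name is validated and then checked against an explicit allow-list
// before any include. Assumes the same pages/ layout as the original snippet.

// Only these names may ever be included; anything else falls back to index.
$allowed_pages = ['index', 'about', 'contact', 'news'];  // constructed list

/**
 * Resolve the requested page to a path that is safe to include.
 * Sets $cc the same way the original code did: 'nothing' for a valid page,
 * 'home' for the fallback, and also for a missing act= parameter.
 */
function resolve_page(?string $act, array $allowed, string &$cc): string
{
    // Stage 1: shape check. Only a short run of [a-z0-9_-] is accepted, so
    // path separators, "..", null bytes and stream wrappers never reach
    // the include path at all.
    if ($act === null || !preg_match('/^[a-z0-9_-]{1,32}$/', $act)) {
        $cc = 'home';
        return 'pages/index.php';
    }
    // Stage 2: allow-list. A well-formed name must still be one we know,
    // so the set of includable files is fixed at deploy time rather than
    // being whatever happens to exist under pages/.
    if (!in_array($act, $allowed, true)) {
        $cc = 'home';
        return 'pages/index.php';
    }
    $cc = 'nothing';
    return 'pages/' . $act . '.php';
}

$cc = 'home';
$page_file = resolve_page($_GET['act'] ?? null, $allowed_pages, $cc);
include $page_file;
```

The same pattern applies to any other place where a request parameter is joined into a filename; the scanner's SQL/XPath finding is a separate issue in code not shown here and needs parameterised queries rather than filename checks.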