riley
Forum Commoner
Posts: 45 Joined: Thu May 02, 2002 6:31 pm
by riley » Sun May 11, 2003 3:45 pm
If I have a template that uses a URL like
http//../template.php?page=newpage.php
is checking to ensure the file exists secure enough to stop harmful hacking of the server?
Code:
if ( !IsSet( $_GET['page'] ) ) $page = 'home.php';
// otherwise $page is expected to arrive straight from the query string (register_globals)
if ( file_exists( $page ) ) {
    // webstuff here
} else {
    echo "NOT Allowed";
}
volka
DevNet Evangelist
Posts: 8391 Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger
by volka » Sun May 11, 2003 4:44 pm
what about
http//../template.php?page=.htpasswd
or
http//../template.php?page=.%2Fsecret%2Fcert.key
?
riley
Forum Commoner
Posts: 45 Joined: Thu May 02, 2002 6:31 pm
by riley » Sun May 11, 2003 5:16 pm
Well I don't know!
I did try the two examples and nothing was returned to the browser. What should I have expected?
volka
DevNet Evangelist
Posts: 8391 Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger
by volka » Sun May 11, 2003 5:22 pm
Those were only examples.
Without further checks the user might get any file the script has access to.
The second evaluates to ./secret/cert.key; I doubt you would be too happy if the user sees that file if it exists.
[]InTeR[]
Forum Regular
Posts: 416 Joined: Thu Apr 24, 2003 6:51 am
Location: The Netherlands
by []InTeR[] » Mon May 12, 2003 1:52 am
To keep this from happening I:
- always add an extension.
- and don't allow slashes, backslashes and dots.
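The two rules above put into code, as an added example that is not from anyone in this thread: the file_exists() check from the first post next to a loader that only accepts a bare page name, appends the extension itself, and confirms the resolved path stays inside an assumed pages/ directory (home.php and newpage.php are assumed to live there; with this approach the URL becomes page=newpage rather than page=newpage.php).

```php
<?php
// Added example (not from the thread). Assumed layout: a pages/ directory next to
// this script holding home.php and newpage.php; nothing else is meant to be includable.
define('PAGE_DIR', __DIR__ . '/pages');

// The check from the first post: anything readable passes, so page=.htpasswd or
// page=.%2Fsecret%2Fcert.key (decoded: ./secret/cert.key) would be served.
function weak_check($page) {
    return file_exists($page);
}

// Hardened version following the two rules: the parameter may only contain letters,
// digits and underscores (no slashes, backslashes or dots), and the extension is
// appended by the script rather than taken from the request.
function resolve_page($requested) {
    // $_GET['page'] can also be an array (page[]=x), so require a string first.
    if (!is_string($requested) || !preg_match('/^[a-z0-9_]{1,32}$/i', $requested)) {
        return null;
    }
    $path = realpath(PAGE_DIR . '/' . $requested . '.php');
    $base = realpath(PAGE_DIR);
    // realpath() returns false for a missing file; the prefix check rejects anything
    // that resolved outside PAGE_DIR (for example through a symlink).
    if ($path === false || $base === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;
}

$requested = isset($_GET['page']) ? $_GET['page'] : 'home';
$page = resolve_page($requested);
if ($page === null) {
    $page = resolve_page('home'); // unknown or malformed name: fall back to the default
}
if ($page === null) {
    header('HTTP/1.0 404 Not Found');
    echo "NOT Allowed";
} else {
    include $page;
}
```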