Is this page include function secure?
Posted: Thu Mar 10, 2005 6:10 pm
I'd appreciate it if someone could check this tiny function for any holes that I can't think of.
It's use is probably quite obvious. I use it for selecting the page to be included on the main index page by $_GET. This way, only one page containing the layout of the site is needed. I know that using a switch would be 100% secure, however on some sites that i design, there are dozen's of pages that need to be linked to, and doing it this way saves typing 
usage: <link>/index.php?page=blah
Code: Select all
function getPage($page, $default="about", $ext=".html") {
if (!$page || !file_exists("./".$page.$ext)) $page=$default;
return $page.$ext;
}usage: <link>/index.php?page=blah
Code: Select all
include(getPage($_GET['page']));