Is this include script secure?
Posted: Wed Sep 28, 2005 6:03 am
Hello.
After reading the relevant threads about secure includes i've made some changes to mine - Could readers tell me whether the following include script (that includes a particular page of an article) and navigation script (that provides navigation for the article) are in any way vulnerable?
include script
navigation script
Thanks.
After reading the relevant threads about secure includes i've made some changes to mine - Could readers tell me whether the following include script (that includes a particular page of an article) and navigation script (that provides navigation for the article) are in any way vulnerable?
include script
Code: Select all
if (empty($_GET['page'])) @require_once ("1.htm");
else
{
switch ($_GET['page']) {
case "1": @require_once("1.htm"); break;
case "2": @require_once("2.htm"); break;
case "all":
for ($i=1; $i<3; $i++)
{
@require_once ("$i.htm");
}
break;
default: @require_once("1.htm"); break;
}
}Code: Select all
if (empty($_GET['page']))
{
echo "<li><a href='?page=all'>all</a></li>";
echo "<li><a href='?page=2'>2</a></li>";
echo "<li>1</li>";
}
elseif (!empty($_GET['page']) && is_numeric($_GET['page']) && $_GET['page'] < 3 && $_GET['page'] > 0)
{
echo "<li><a href='?page=all'>all</a></li>";
for ($i=2; $i>0; $i--)
{
if ($i == $_GET['page'])
{
echo "<li>$i</li>\n";
}
else
{
echo "<li><a href='?page=$i'>$i</a></li>\n";
}
}
$_GET['page'] = null;
}
elseif (!empty($_GET['page']) && !is_numeric($_GET['page']) && $_GET['page'] == "all")
{
echo "<li>all</li>";
for ($i=2; $i>0; $i--) echo "<li><a href='?page=$i'>$i</a></li>\n";
}
elseif ($_GET['page'] < 0 || $_GET['page'] > 2 || $_GET['page'] !== "all")
{
echo "<li><a href='?page=all'>all</a></li>";
echo "<li><a href='?page=2'>2</a></li>";
echo "<li>1</li>";
}