using a registry to include files
Posted: Sun Aug 10, 2008 5:34 pm
Below is a very simple example of what I am doing. Essentially I have a "front controller" which validates an incoming http get request against a white list. The http request is a file that should be included. If it is valid, the request is stored in a registry. Once it is stored in the registry, an instance of another class is called - that class is responsible for including the validated request (which is now stored in the registry). Aside from some abstraction that may seem complete useless in my code below, is it safe to use data stored in the registry (which is a valid http request) to include the file? I cannot see anything wrong with it even though Zend Studio is complaining about an "unsafe use of variable in call include()/require()." I just think thats because Zend Studio does not know where the variable is coming from.
So, is there anything unsafe about line 28?
Thank you,
John
Code: Select all
<?php
class Singleton
{
private static $instance;
public $file;
private function __construct ($file)
{
$this->file = $file;
}
public static function init ($file = null)
{
if (! isset(self::$instance)) {
self::$instance = new self($file);
}
return self::$instance;
}
}
class Includer
{
public function __construct ()
{
$config = Singleton::init();
require_once ($config->file);
}
}
$valid_files = array("myfile" , "yourfile" , "foo" , "bar");
$requested_file = $_GET['file'];
if (in_array($requested_file, $valid_files)) {
$file = $requested_file . ".php";
$config = Singleton::init($file);
new Includer();
}
?>Thank you,
John