How does this look Matt:

<a href="../index.cfm?include=custOps_shout">Click here</a>

<!--- set default page --->
<cfparam name="url.include" default="news_link">

<!--- Don't trust the url variable. Add some tests here to make sure it
looks safe --->

<!--- check your include exists --->
<cfif not fileexists(physicalPath/includes/#url.include#.cfm)>
        <!--- reset your include variable to point to a 404 catcher --->
        <cfset url.include = "404">
</cfif>

<!--- include your file --->
<cfinclude template="includes/#url.include#.cfm">

Having url parameters specifying which files to include does open security
holes, but with relevant checking in place it should be workable.


Cheers

Mark


______________
Mark Stanton
Web Production
Gruden Pty Ltd
Tel: 9956 6388
Mob: 0410 458 201
Fax: 9956 8433
www.gruden.com


---
You are currently subscribed to cfaussie as: [EMAIL PROTECTED]
To unsubscribe send a blank email to [EMAIL PROTECTED]

MX Downunder AsiaPac DevCon - http://mxdu.com/

Reply via email to