Yes, I do tests to make sure that the file actually exists and what
not. I have just simplified my code for this example....
~PT
On May 30, 2006, at 11:27 AM, Martin Alterisio wrote:
2006/5/30, Philip Thompson <[EMAIL PROTECTED]>:
<?
if ($subPage = $_GET['page'])
include ("$subPage");
?>
Are you checking what the user is sending inside $_GET['page']? If
not, your system is vulnerable to a remote file injection.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
