>After my host recently upgraded to the latest version after reading the
>recent advisory I have got an error that won't load one of my php pages and
>I can't see why not. Here's the error I get -
>
>Warning: Failed opening '' for inclusion
>(include_path='.:/usr/lib/apache/php') in /home/sites/site41/web/horror.php
>on line 28

>      <br><? include("$page") ?>

$page is probably empty because of register_globals being OFF by default
now.

You'll need something like:

$page = $_GET['page'] at the top of your script.

Oh, and it's a *REALLY* BAD IDEA to do what you are doing!

What if I put in this:

http://yourserver.com/yourpage.php?page=/etc/passwd

You've just given me your entire /etc/passwd file which I can now use
against my dictionary to search for somebody's password.

Even if your computer won't give me /etc/passwd, I'll bet there are some
files I can get ahold of that you don't want me to.

Odds are really good that $page should be from a finite set of values --
Make sure the $page I ask for is what you expect.

If you really cannot predict what $page will be, make sure I don't use '../'
in my $page, and then use the full path to the $page files so I can't "break
out" of that directory:
<?php
  // strstr() takes the haystack first, then the needle
  if (strstr($page, '..')){
    $page = 'badperson.htm';
  }
?>
<?php include "/full/path/to/$page"?>

-- 
Like Music?  http://l-i-e.com/artists.htm
I'm looking for a PRO QUALITY two-input sound card supported by Linux (any
major distro).  Need to record live events (mixed already) to stereo
CD-quality.  Soundcard Recommendations?
Software to handle the recording? Don't need fancy mixer stuff.  Zero (0)
post-production time.  Just raw PCM/WAV/AIFF 16+ bit, 44.1KHz, Stereo
audio-to-disk.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
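
The two pieces of advice in the message above (take $page from a finite set of values, and include only from a full path the request cannot break out of) combined in one function, as an added example that is not part of the original message. The function name resolve_page(), the $pages map and the temporary directory layout are assumptions made for illustration.

```php
<?php
// Added example, not from the original message. resolve_page(), $pages and
// the temp-directory layout are hypothetical names chosen for illustration.
function resolve_page($requested, array $pages, string $baseDir, string $fallback): string
{
    // Reject non-string input such as ?page[]=x before using it as a key.
    if (!is_string($requested)) {
        return $fallback;
    }
    // 1. Finite set of values: the request only selects a key in a fixed map.
    if (!isset($pages[$requested])) {
        return $fallback;
    }
    // 2. Full path plus containment: canonicalise, then confirm the file
    //    really lives under $baseDir (catches symlinks and a bad map entry).
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . $pages[$requested]);
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return $fallback;
    }
    return $path;
}

// Constructed sample layout so the script runs offline.
$baseDir = sys_get_temp_dir() . '/pages_demo_' . getmypid();
mkdir($baseDir);
foreach (['home.htm', 'ghosts.htm', 'badperson.htm'] as $name) {
    file_put_contents("$baseDir/$name", "$name\n");
}
$pages    = ['home' => 'home.htm', 'ghosts' => 'ghosts.htm'];
$fallback = "$baseDir/badperson.htm";

// Constructed requests: a valid key, the /etc/passwd request from the
// message, a '../' attempt, and an array parameter.
foreach (['ghosts', '/etc/passwd', '../ghosts.htm', ['x']] as $req) {
    $file = resolve_page($req, $pages, $baseDir, $fallback);
    printf("%-18s -> %s\n", json_encode($req, JSON_UNESCAPED_SLASHES), basename($file));
}
// In the page itself, the include would take the resolved path:
//   include resolve_page($_GET['page'] ?? 'home', $pages, $baseDir, $fallback);

// Remove the constructed files.
array_map('unlink', glob("$baseDir/*"));
rmdir($baseDir);
```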
