>After my host recently upgraded to the latest version after reading the
>recent advisory I have got an error that won't load one of my php pages and
>I can't see why not. Here's the error I get -
>Warning: Failed opening '' for inclusion
>(include_path='.:/usr/lib/apache/php') in /home/sites/site41/web/horror.php
>on line 28

>      <br><? include("$page") ?>

$page is probably empty because of register_globals being OFF by default

You'll need something like:

$page = $_GET['page'] at the top of your script.

Oh, and it's a *REALLY* BAD IDEA to do what you are doing!

What if I put in this:


You've just given me your entire /etc/passwd file which I can now use
against my dictionary to search for somebody's password.

Even if your computer won't give me /etc/passwd, I'll bet there are some
files I can get ahold of that you don't want me to.

Odds are really good that $page should be from a finite set of values --
Make sure the $page I ask for is what you expect.

If you really cannot predict what $page will be, make sure I don't use '../'
in my $page, and then use the full path to the $page files so I can't "break
out" of that directory:
  if (strstr('..', $page)){
    $page = 'badperson.htm';
<?php include "/full/path/to/$page"?>

Like Music?  http://l-i-e.com/artists.htm
I'm looking for a PRO QUALITY two-input sound card supported by Linux (any
major distro).  Need to record live events (mixed already) to stereo
CD-quality.  Soundcard Recommendations?
Software to handle the recording? Don't need fancy mixer stuff.  Zero (0)
post-production time.  Just raw PCM/WAV/AIFF 16+ bit, 44.1KHz, Stereo

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to