Re: [PHP] PHP include security

2010-04-19 Thread Michiel Sikma
On 18 April 2010 21:43, Micky Hulse mickyhulse.li...@gmail.com wrote: On Sun, Apr 18, 2010 at 10:23 AM, Michiel Sikma mich...@thingmajig.org wrote: I would prefer to use include() since it runs the code in the same context, ...snip... with your data rather than printing it right away.

Re: [PHP] PHP include security

2010-04-19 Thread Micky Hulse
Hi Michiel! One thing to keep in mind is that this one doesn't take eval() vs regular include execution time into account, in case you were still considering using it. According to this page, it's many times I was still considering it... I mean, I am still exploring all my options for the

Re: [PHP] PHP include security

2010-04-18 Thread Michiel Sikma
On 18 April 2010 02:08, Micky Hulse mickyhulse.li...@gmail.com wrote: Hi Michiel! Thanks for the help, I really appreciate it. :) It depends. What exactly do you want to prevent? It doesn't seem like a ...snip... include, say, additional HTML content, use file_get_contents() instead.

Re: [PHP] PHP include security

2010-04-18 Thread Micky Hulse
On Sun, Apr 18, 2010 at 10:23 AM, Michiel Sikma mich...@thingmajig.org wrote: I would prefer to use include() since it runs the code in the same context, ...snip... with your data rather than printing it right away. Thanks for the reply Michiel, I really appreciate it. :) For some benchmarks

Re: [PHP] PHP include security

2010-04-17 Thread Michiel Sikma
On 16 April 2010 06:57, Micky Hulse mickyhulse.li...@gmail.com wrote: Hi, -snip- The above code snippet is used in a class which would allow developers (of a specific CMS) to include files without having to put php include tags on the template view. The include path will be using the

Re: [PHP] PHP include security

2010-04-17 Thread Micky Hulse
Hi Michiel! Thanks for the help, I really appreciate it. :) It depends. What exactly do you want to prevent? It doesn't seem like a ...snip... include, say, additional HTML content, use file_get_contents() instead. Very good points. My goal was to write a plugin that would allow me to

[PHP] Re: PHP include security

2010-04-17 Thread Micky Hulse
What do y'all think? Any suggestions? Sorry for the duplicate posting... I had some problems signing up for the list. :( Also, I moved my test code to Snipplr: http://snipplr.com/view/32192/php-security-include-path-cleansing/ TIA! Cheers M

[PHP] Include security?

2010-04-16 Thread Micky Hulse
Hi, Code: = ob_start(); switch ($this->command) { case 'include': @include($x); break; default: @readfile($x); } $data = ob_get_contents(); ob_end_clean(); = The above code snippet is used in a class which would allow

Re: [PHP] Include security?

2010-04-16 Thread Ryan Sun
if allow_url_include is turned off, you don't have to worry much about http, if '.' is an invalid char, you can't include *.php... the include path probably should be the inc (whatever the name) folder (not accessible from web) instead of the web root and '..' should be disallowed On Fri, Apr 16,

Re: [PHP] Include security?

2010-04-16 Thread Micky Hulse
if allow_url_include is turned off, you don't have to worry much about http, if '.' is an invalid char, you can't include *.php... the include path probably should be the inc (whatever the name) folder (not accessible from web) instead of the web root and '..' should be disallowed Hi Ryan!

[PHP] PHP include security

2010-04-16 Thread Micky Hulse
Hi, Code: = ob_start(); switch ($this->command) { case 'include': @include($x); break; default: @readfile($x); } $data = ob_get_contents(); ob_end_clean(); = The above code snippet is used in a class which would