包括安全 [英] Include safety
本文介绍了包括安全的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
<?php
if (preg_match('/^[a-z0-9]+$/', $_GET['page'])) {
$page = realpath('includes/'.$_GET['page'].'.php');
$tpl = realpath('templates/'.$_GET['page'].'.html');
if ($page && $tpl) {
include $page;
include $tpl;
} else {
// log error!
}
} else {
// log error!
}
?>
你觉得这有多安全?
Stack Overflow上的Gumbo写道。
动态包含安全
How safe would you say this is?
Gumbo here on Stack Overflow wrote it.
Dynamic Include Safety
我想听听你的意见。
欢呼
推荐答案
我' d说这很安全。只是不要允许任何东西写入这些文件夹。 PHP文件传统上位于服务器的Web根目录中,这对于开始是危险的。如果配置错误或.htaccess文件丢失,最好将正在加载的文件放置到外部绝对无法访问的区域。
I'd say it's pretty safe. Just don't allow anything to write to those folders. PHP files are traditionally inside the web root of a server which is dangerous to start with. It would be better to place the files being loaded to an area that's absolutely inaccessible to the outside given a configuration error or a .htaccess file going missing.
这篇关于包括安全的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文