Quote:
Originally Posted by trache
As to your second question:
Well, I'm not sure I understand the wording of the question correctly. Can you rephrase perhaps?
Above all, please please please make sure you validate your id1 or id2 variables! I don't see it, but perhaps you do have some validating code, so forget the following if you do:
If they're numbers, make sure they're numbers: use is_numeric(), is_float etc and perhaps if ($id1 > 0) to make sure it's not negative (if that's not what you're going for).
If you don't, someone could easily craft a way to exploit your program. If you're going to be including PHP files, do something like this:
Code:
<?php
// Allow-list of pages that may be included; $id comes from the request (e.g. $_GET['id']).
$inc_files = array('main.php', 'blah.php');

// Strict comparison: the requested value must exactly match an entry in the list.
if (in_array($id, $inc_files, true))
{
    include($id);
}
else
{
    // Anything not on the list falls back to the default page.
    include('default_page.php');
}
The code may not be correct, but hopefully you get the idea. Now users can't possibly go to any other page that is NOT in the array. You can easily load that array with values from just about anything.
I don't use the array because it's not worth it for the small scale of my site. The percentile chance of malicious code being injected by a user who uses my variable string to call his own page is incredibly small as the php code will only look as far as the root directory for the requested include file.
If you're talking about some other type of exploit possibility, please explain what you mean.
As for question 2:
Take the page
http://www.arch13.com/index.php?id=b...brewerycolor11
In that URL, I'm hating giving away my folder tree.
I'd like to craft code that will allow me to say id2=11 and have it call the image mentioned above, so that the user cannot see the image path as the variable, but only
http://www.arch13.com/index.php?id=brewery&id2=11 instead.
As for question 1:
It's a moot point if question two can be answered in a way that addresses hiding the directory tree.
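An added example, not code from trache or from the original poster, that combines the two points raised in this exchange: the include allow-list from the quoted post, and a lookup table that maps the numeric id2 to an image path on the server so the URL never carries a directory tree. The page and image file names in the tables are constructed for illustration (the page only shows the truncated URL), and the code assumes the values arrive as the GET parameters id and id2.

```php
<?php
// Added example (not trache's or the original poster's code).
// Both URL parameters are resolved through fixed server-side lookup tables,
// so the request never names a file path. Table contents are constructed.

declare(strict_types=1);

// id -> page to include. The keys are the only accepted values.
const PAGES = [
    'main'    => 'main.php',
    'brewery' => 'brewery.php',
];

// id2 -> image path, grouped by section. The browser sees only the number.
const IMAGES = [
    'brewery' => [
        11 => 'images/brewery/color11.jpg',   // assumed path, not from the page
        12 => 'images/brewery/color12.jpg',   // assumed path, not from the page
    ],
];

// Accept a GET parameter only if it is a plain string (id[]=... arrives as an array).
function getParam(string $name): ?string
{
    return (isset($_GET[$name]) && is_string($_GET[$name])) ? $_GET[$name] : null;
}

function resolvePage(?string $id): string
{
    // Any value that is not a key of PAGES falls back to the default page.
    return PAGES[$id ?? ''] ?? 'default_page.php';
}

function resolveImage(?string $id, ?string $id2): ?string
{
    // id2 must be a non-negative integer string and the (section, number) pair must exist.
    if ($id === null || $id2 === null || !ctype_digit($id2)) {
        return null;
    }
    return IMAGES[$id][(int) $id2] ?? null;
}

$id  = getParam('id');
$id2 = getParam('id2');

$page  = resolvePage($id);
$image = resolveImage($id, $id2);

include $page;                        // always one of the allow-listed files
if ($image !== null) {
    echo '<img src="' . htmlspecialchars($image, ENT_QUOTES, 'UTF-8') . '" alt="">';
}
```

With this layout the request index.php?id=brewery&id2=11 renders the brewery page and the image at key 11, while any id or id2 that is not a key in the tables yields the default page and no image; no user-supplied value is ever used as a path.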