[英]Including a file via include in PHP
Basically, I'm currently in the process of developing some form of Framework , It's going to have a main index file that'll control the pages that are displayed, I'll then include
files based on the URL that is rewritten using .htaccess , so my .htaccess would look something like this. 基本上,我目前正在开发某种形式的Framework ,它将拥有一个主索引文件,该文件将控制显示的页面,然后将
include
基于使用.htaccess重写的URL的文件。 ,所以我的.htaccess看起来像这样。
Options +FollowSymlinks -MultiViews
AddType "text/html; charset=UTF-8" html
AddType "text/plain; charset=UTF-8" txt
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
# if file not exists
RewriteCond %{REQUEST_FILENAME} !-f
# if dir not exists
RewriteCond %{REQUEST_FILENAME} !-d
# avoid 404s of missing assets in our script
RewriteCond %{REQUEST_URI} !^.*\.(jpe?g|png|gif|css|js)$ [NC]
# core framework url rewriting
RewriteRule ^ index.php [L]
<IfModule mod_rewrite.c>
While keeping in mind that I have this line RewriteRule ^ index.php [L]
I'd then use the following in my index.php 在记住我有这行
RewriteRule ^ index.php [L]
我会在index.php中使用以下内容
define("PAGES", $_SERVER['DOCUMENT_ROOT']."/pages");
$uri = explode("/",substr($_SERVER['REQUEST_URI'],1));
if((isset($uri[0])) && ($uri[0]!="")) {$page = $uri[0];} else {$page = "login";}
if(is_file(PAGES."/$page/$page.php")) {
include(PAGES."/$page/$page.php");
} else {
include(PAGES."/error_pages/404.php");
}
Would this be deemed as secure enough? 这会被认为足够安全吗? or would this provide the ability for some form of exploit to be done?
还是这提供了进行某种形式的利用的能力?
更好的解决方案是使用PHP> = 5.3的名称空间和自动加载功能,直到用户无法在DOCUMENT_ROOT中创建自己的文件并且您应避免将文件包含在DOCUMENT_ROOT中的可能性之前,您的解决方案才是安全的。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.