<p>To prevent errors and unauthorized file access (secure) to pages outside of your web directory or invalid pages, you should do the following.</p>
<p>Validate <code>$_GET['page']</code> by checking for periods. While periods may be valid in file names, it looks like you would be constructing the filename from the value, and a period could indicate a breakout attempt to gain access to a root directory.</p>
<p>From there I would construct the filepath for the include, and then use <code>file_exists</code> to make sure it exists before including it.</p>
<p>As for the changing title for the page include, I would do something like this:</p>
<pre><code>&lt;?php
$page_title = 'Default Title';
$page_to_include = 'page_includes/default.php';
$requested = $_GET['page'] ?? 'default';

// A period in the name could be a breakout attempt (e.g. "../"), so stop here.
if (strpos($requested, '.') !== false) {
    http_response_code(400);
    exit('Invalid page');
}

$candidate = sprintf('page_includes/%s.php', $requested);
if (!file_exists($candidate)) {
    // requested page does not exist
    http_response_code(404);
    exit('Page not found');
} else {
    $page_to_include = $candidate;
}

// Include into a buffer so the page can set $page_title before header.php runs.
ob_start();
include $page_to_include;
$included_page = ob_get_clean(); // gets contents, cleans the buffer and closes it

require_once 'includes/header.php';
echo $included_page;
require_once 'includes/footer.php';
?&gt;</code></pre>
<p>This way the page is included first and stored in a buffer rather than output. It allows your included page to modify <code>$page_title</code>, and then that modified <code>$page_title</code> is available to the <code>header.php</code> script for output within the tags.</p>
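<p>A deny-list on a single character is brittle: it blocks <code>..</code> but still hands whatever else the client sent to <code>sprintf</code>, <code>file_exists</code> and <code>include</code>, and <code>file_exists</code> on an attacker-controlled path doubles as a file-existence oracle. The more robust shape of the same idea is an allow-list of page names, a strict syntactic check, and a <code>realpath</code> containment check before the include. The following is an added example written for this page, not code from the answer above; the directory layout (<code>page_includes/</code>, <code>includes/header.php</code>, <code>includes/footer.php</code>) and the allow-list contents are assumptions.</p>

```php
<?php
// Added example (not from the original answer): resolve a user-supplied page
// name to a file that is provably inside page_includes/ before including it.
declare(strict_types=1);

const PAGE_DIR      = __DIR__ . '/page_includes';        // assumed layout
const ALLOWED_PAGES = ['default', 'about', 'contact'];   // assumed allow-list

function resolve_page(?string $requested): string
{
    // 1. Fall back to the default page when nothing was requested.
    if ($requested === null || $requested === '') {
        $requested = 'default';
    }

    // 2. Syntactic check: a short token of [a-z0-9_-] only. This rejects '.',
    //    '/', '\', NUL bytes and encoded traversal without enumerating them.
    if (!preg_match('/\A[a-z0-9_-]{1,32}\z/', $requested)) {
        throw new InvalidArgumentException('Invalid page name');
    }

    // 3. Allow-list: the filesystem is never consulted with an unknown name,
    //    so there is no existence oracle and no "almost valid" input.
    if (!in_array($requested, ALLOWED_PAGES, true)) {
        throw new InvalidArgumentException('Unknown page');
    }

    // 4. Defence in depth: resolve symlinks and confirm the final path is
    //    still under PAGE_DIR (prefix check includes the separator so that
    //    "page_includes_old" does not match "page_includes").
    $base = realpath(PAGE_DIR);
    $path = realpath(PAGE_DIR . '/' . $requested . '.php');
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        throw new RuntimeException('Page not found');
    }
    return $path;
}

// Same buffered-include pattern as the answer: the page may set $page_title
// before header.php is rendered.
function render(?string $requested): void
{
    $page_title = 'Default Title';
    try {
        $page_to_include = resolve_page($requested);
    } catch (InvalidArgumentException | RuntimeException $e) {
        http_response_code(404);
        $page_to_include = PAGE_DIR . '/default.php';
    }

    ob_start();
    include $page_to_include;        // may overwrite $page_title
    $included_page = ob_get_clean();

    require_once __DIR__ . '/includes/header.php';
    echo $included_page;
    require_once __DIR__ . '/includes/footer.php';
}

if (PHP_SAPI === 'cli') {
    // Constructed inputs for a quick offline check of the validator alone.
    foreach (['about', '../../etc/passwd', "about\0", 'about/../default',
              'ABOUT', 'page_includes_old', ''] as $input) {
        try {
            $result = resolve_page($input);
        } catch (Throwable $e) {
            $result = 'rejected: ' . $e->getMessage();
        }
        printf("%-22s => %s\n", json_encode($input), $result);
    }
} else {
    render($_GET['page'] ?? null);
}
```

<p>Run it with <code>php page.php</code> to see which constructed inputs the validator rejects (only allow-listed names that actually exist under <code>page_includes/</code> resolve), or serve it with <code>php -S</code> and request <code>?page=about</code>. If you later need sub-pages, extend the allow-list rather than loosening the regex to admit <code>/</code>.</p>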