开发者

file_exists with reserved filenames bug

Ok here's my code

        $ref = $_GET['ref'];
        if (file_exists('views/'.$ref.'.php')) {
            $this->prepare($ref)开发者_JAVA百科;
        } 
        elseif (!file_exists('views/'.$ref.'.php')) {
        echo 'Page you are requesting doesn´t exist';
        }

I'm currently having issues if users try to do ?ref=con or ?ref=com1 etc, file_exists will always return true. Is there a work around for this?


Probably because those files actually exist. I'd be more worried about the potential for abuse. You should filter your inputs.

Also the elseif is unnecessary. else would suffice just fine.


Please try using: is_file http://php.net/manual/en/function.is-file.php

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜