file_exists with reserved filenames bug
Ok here's my code
$ref = $_GET['ref'];
if (file_exists('views/'.$ref.'.php')) {
$this->prepare($ref)开发者_JAVA百科;
}
elseif (!file_exists('views/'.$ref.'.php')) {
echo 'Page you are requesting doesn´t exist';
}
I'm currently having issues if users try to do ?ref=con or ?ref=com1 etc, file_exists will always return true. Is there a work around for this?
Probably because those files actually exist. I'd be more worried about the potential for abuse. You should filter your inputs.
Also the elseif
is unnecessary. else
would suffice just fine.
Please try using: is_file http://php.net/manual/en/function.is-file.php
精彩评论