Simple security question: PHP Includes
My sample index.php
include 'class.php';
$x = new class;
include $_GET['page'].'.php'; //checks if isset file_exists and in_array of valid fil开发者_如何学编程e names before including;
I want to make sure the page being included can't be accessed directly. Below are some examples of code I'm placing on the first line of code on the files that are being included within index.php.
I've tried: (if not being included within index.php die)
if($_SERVER['SCRIPT_NAME']!='/index.php') die;
and (if the class that's defined in the index is not set die);
if(!isset($x)) die;
What's your favorite way to make pages being included within php inaccessible when viewed directly?
define()
and defined()
.
Or just put them outside of the document root.
if($_SERVER['SCRIPT_FILENAME'] == __FILE__) {
die("Go Away");
}
Sorry, updated it to be right.
精彩评论