php: dynamic includes. is this way safe?

Associate
Joined
11 Oct 2008
Posts
268
I've been looking into using dynamic includes in my layout and I have found this tutorial which claims to be a safe way of doing it. As im still very new to php would someone more experienced kindly be able to tell me if this code is safe.

Thanks :)

PHP:
<?php if (isset($_GET['x'])) {
   if (strpos($_GET['x'], "/")) {
      $dir = substr(str_replace('..', '', $_GET['x']), 0, strpos($_GET['x'], "/")) . "/";
      $file = substr(strrchr($_GET['x'], "/"), 1);
      if (file_exists($dir.$file.".php")) {
         include($dir.$file.".php");
      } else {
         include("index2.php");
      }
   } else {
      if (file_exists(basename($_GET['x']).".php")) {
         include(basename($_GET['x']).".php");
      } else {
         include("index2.php");
      }
   }
} else {
   include("index2.php");
} ?>
 
Back
Top Bottom