Associate
- Joined
- 11 Oct 2008
- Posts
- 268
I've been looking into using dynamic includes in my layout and I have found this tutorial which claims to be a safe way of doing it. As im still very new to php would someone more experienced kindly be able to tell me if this code is safe.
Thanks
Thanks
PHP:
<?php if (isset($_GET['x'])) {
if (strpos($_GET['x'], "/")) {
$dir = substr(str_replace('..', '', $_GET['x']), 0, strpos($_GET['x'], "/")) . "/";
$file = substr(strrchr($_GET['x'], "/"), 1);
if (file_exists($dir.$file.".php")) {
include($dir.$file.".php");
} else {
include("index2.php");
}
} else {
if (file_exists(basename($_GET['x']).".php")) {
include(basename($_GET['x']).".php");
} else {
include("index2.php");
}
}
} else {
include("index2.php");
} ?>