Mik*_*ike 3 php security include
如何清除这个以便用户无法将页面拉到本地域之外?
<?php
if(!empty($_GET['page']))
{
include($_GET['page']);
}
else
{
include('home.php');
}
?>
Gre*_*reg 12
最安全的方法是将您的网页列入白名单:
$page = 'home.php';
$allowedPages = array('one.php', 'two.php', ...);
if (!empty($_GET['page']) && in_array($_GET['page'], $allowedPages))
$page = $_GET['page'];
include $page;