PHP Tutorials: Dynamic pages (Update)
August 22nd, 2009 | 
Author: 
An update to my Dynamic pages tutorial, showing how to include sub sections (as folders) in the GET variable in your URL bar. This helps create a better design for your directory structure.
Duration : 0:6:46
An update to my Dynamic pages tutorial, showing how to include sub sections (as folders) in the GET variable in your URL bar. This helps create a better design for your directory structure.
Duration : 0:6:46
Posted in 
Tags:
Google: html footer
Google: html footer
Wow.. that is …
Wow.. that is complicated… hard to understand.. You talk so fast.
Nevermind, the flaw …
Nevermind, the flaw was in the first one too if you served ../../ pages
I see you have a …
I see you have a huge security risk, and I see you’ll update soon.
Anyway in your first version you actually didn’t have that if people don’t put their config.php in inc/ but in for example includes/
Only in your second version you put in the security issue, I actually thought with the else you were gonna fix it. But alas, we’ll wait
Hi there…
I’m …
Hi there…
I’m just trying to understand the risk here…
Here is my directory structure:
inc/test/test1/passwd.php
and here is the URL:
index.php?../../passwd.php
and passwd.php is not shown up!
The output is:
Sorry mate: that page does not exist!
Any help would be appreciated
I’ll have an update …
I’ll have an update on this as soon as possible, thanks!
What happens if the …
What happens if the user does index.php?page=/../../../htpasswd or config.php or anything like that..
Huge security risk imo.