how to build a good router for php mvc

灰色年华 2021-02-03 14:55

I'm experimenting with php mvc and I'm stuck with the following issue. My request and router classes are really simple and I would like to extend them to be able to handle contro

4 answers
  •  花落未央
    2021-02-03 15:52

    Your code contains what is known as an LFI vulnerability and is dangerous in its current state.
    You should whitelist what can be used as your $controller, as otherwise an attacker could try to specify something using NUL bytes and possibly going up a directory to include files that SHOULD NOT ever be included, such as /etc/passwd, a config file, whatever.

    Your router is not safe for use; beware!

    edit: example on whitelisting

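    // Controllers that may be requested by name; anything else is rejected.
    $safe = array(
        'ajax',
        'somecontroller',
        'foo',
        'bar',
    );
    // Strict comparison (third argument) avoids type-juggling matches.
    if (!in_array($this->_controller, $safe, true))
    {
        throw new Exception(); // replace me with your own error 404 stuff
    }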
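
The whitelist idea from the answer above, as an added example that is not part of the original answer or the asker's code: the request value is used only as a key into a fixed map of controller files and never becomes part of a path. The class names, file paths and sample inputs are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical names throughout: the question's own router code is not shown on the page.
final class ControllerNotFound extends RuntimeException {}

final class Router
{
    /** @var array<string,string> request name => controller file, fixed at deploy time */
    private array $routes;

    public function __construct(array $routes)
    {
        $this->routes = $routes;
    }

    /** Return the file to include for a requested controller name. */
    public function resolve(string $requested): string
    {
        // Key lookup only: the request value selects an entry and is never
        // concatenated into a path, so "../" or NUL bytes have nothing to act on.
        if (!array_key_exists($requested, $this->routes)) {
            throw new ControllerNotFound('Unknown controller');
        }
        return $this->routes[$requested];
    }
}

$router = new Router([
    'ajax'           => __DIR__ . '/controllers/AjaxController.php',
    'somecontroller' => __DIR__ . '/controllers/SomeController.php',
]);

// Constructed sample inputs: one valid name, then the kinds of values the answer warns about.
$samples = ['ajax', '../../../../etc/passwd', "ajax\0.txt", 'AJAX', ''];

foreach ($samples as $name) {
    $shown = json_encode($name, JSON_UNESCAPED_SLASHES); // makes the NUL byte visible
    try {
        $file = $router->resolve($name);
        // A real front controller would `require $file;` at this point.
        printf("%-28s -> %s\n", $shown, basename($file));
    } catch (ControllerNotFound $e) {
        // Map this to the application's own 404 handling.
        printf("%-28s -> 404\n", $shown);
    }
}
```

Only `ajax` resolves; the traversal string, the NUL-byte variant, the differently cased name and the empty string all end in the 404 branch.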
    
