[nycphp-talk] parse file, return as string
Fan, Wellington
wfan at VillageVoice.com
Thu Aug 19 13:40:24 EDT 2004
> > On Thu, 19 Aug 2004, inforequest wrote:
> >
> > > Fan, Wellington wfan-at-VillageVoice.com |nyphp 04/2004| wrote:
> > >
> > > >ob_start();
> > > >@include($path_to_file);
> > > >$contents = ob_get_clean();
> > > >
> > > >
> > > be very wary of remote injections with that code.... include will
> > > accept a URL in that variable. Explicitly allow
I am under complete control of $path_to_file -- AND it will likely point to
a file outside of docroot.
So, besides the potential injection problems of the above code, any other
way to parse a PHP file and return as a string?
--
WF
More information about the talk
mailing list