[thelist] PHP template code security sufficient?

Jeffrey Barke jeffrey.barke at themechanism.com
Tue May 15 16:58:42 CDT 2007


I only skimmed the article, but it doesn't appear to touch on
security at all, Peter. The code fragment you sent the list will only
insert the contents of an HTML page [$page is a variable] between the
<div> tags. If you're looking for security, try:

PHP Login System with Admin Features
http://evolt.org/node/60384

Jeffrey


On May 15, 2007, at 5:34 PM, P Chen wrote:

> I was reading an old tutorial on A List Apart regarding building a PHP
> template based site using the following code to insert page-specific
> content, but wasn't sure if this was sufficient in terms of security. I
> don't know much about php security, so I'm hoping someone can shed light on
> this piece of code, what it's vulnerable to, etc...
>
> http://alistapart.com/articles/phpcms/
>
> <div class="body">
> <?php @ require_once ("$page.html"); ?>
> </div>
>
> Thanks,
> Peter
>

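An added example, not part of either message or of the A List Apart article: `require` executes any PHP found in the file it loads, whatever the extension, so the file name should not be built from unvalidated input. The sketch below constrains the quoted include with an allowlist, assuming `$page` arrives in the query string; `resolve_page`, the `pages/` directory and the page names are hypothetical.

```php
<?php
// Added example: allowlist-based replacement for require_once("$page.html").
// Assumptions (not from the thread): $page arrives as $_GET['page'], the
// fragments live in ./pages/, and the page names below are placeholders.
const PAGES_DIR = __DIR__ . '/pages';
const ALLOWED_PAGES = ['home', 'about', 'contact']; // hypothetical names
const DEFAULT_PAGE = 'home';

// Map a requested page name to a file inside PAGES_DIR, or return null.
function resolve_page($requested): ?string
{
    // Reject arrays (?page[]=x) and anything else that is not a string.
    if (!is_string($requested)) {
        return null;
    }
    // Strict match against a fixed list: separators, dots, URL schemes and
    // NUL bytes cannot pass because no allowed name contains them.
    if (!in_array($requested, ALLOWED_PAGES, true)) {
        return null;
    }
    $base = realpath(PAGES_DIR);
    $path = realpath(PAGES_DIR . '/' . $requested . '.html');
    if ($base === false || $path === false) {
        return null; // directory or fragment missing
    }
    // Defence in depth: the resolved file must still sit under PAGES_DIR
    // (covers a symlink placed inside the directory).
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Run this before any output so the status code can still be set.
$file = resolve_page($_GET['page'] ?? DEFAULT_PAGE);
if ($file === null) {
    http_response_code(404);
    $file = resolve_page(DEFAULT_PAGE);
}
?>
<div class="body">
<?php
if ($file !== null) {
    // readfile() emits the fragment as static text; unlike require, it does
    // not execute PHP found in the file. No @, so failures reach the log.
    readfile($file);
}
?>
</div>
```

If the fragments must contain PHP, keep the allowlist and path check and swap `readfile()` back to `require`.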


