regex to safely include files

engmah

hi,

i need to include files came from url something likes nuke modules and file names

http://{host}/index.php?mod=somefolder&file=somefile

then i will include (somefolder/somefile.php)

so i need a pcre to check that there is no tricks in mod name and file name

thanks

robert_w_ark

Umm, you mean something like this?

include (!file_exists(@$_GET['mod']."/".@$_GET['file'])) "Error.php" : $_GET['mod']."/".$_GET['file'];

// Error.php is the file if $_GET['mod'] / $_GET['file'] doesnt exist.
// If it does exist, then display it.

Hope this works, -Rob