I'm working on a new site and I'm not very good with PHP at all. I only know the basics, and the include script I use was written by an old friend years ago. Now that I'm using PHP5, the include script doesn't work. The error message doesn't even pop up. Here is the script, so hopefully someone here can help.

<?php

$abspath = ".";
$extension = "txt";
$defaultfile = "default.txt";
$errorfile = "404.txt";
$query = "barrel";


clearstatcache();
$includestring = "";
$mainpage = urldecode($$query);
$mainstring = $abspath."/".$mainpage.".".$extension;
if (!$mainpage) {
  $includestring = $abspath."/".$defaultfile;
} elseif (ereg("\.\.", $mainpage) || substr($mainpage,0,2) == "./" || substr($mainpage,0,3) == "../") {
  die("Screw off.");
} else {
  if (file_exists($mainstring) && is_file($mainstring)) {
   $includestring = $mainstring;
  } else {
   $includestring = $abspath."/".$errorfile;
  }
}
@include($includestring);

?>

    Looking at this:

    urldecode($$query);

    I would have to ask, where is $barrel ever defined?

    It looks like this script depended on register_globals, a deprecated directive that was declared a security risk and has been removed from future versions of PHP.

    EDIT: After looking at the code some more, starting over from scratch might be easier (and cleaner).

      12 days later

      $barrel is defined uptop, I believe, going by how it worked with PHP4. It sounds like it would be easier to start from scratch, but I have no idea where to begin. The very little I remember about PHP is very outdated from the looks of it. Can anyone help? I'm just trying to write a simple include script with a default and error page.

        armada80455 wrote:

        $barrel is defined uptop, I believe, going by how it worked with PHP4.

        What do you mean "uptop"? I don't see any $barrel = lines anywhere, unless there are parts of the code you didn't post.

        If this variable is supposed to be coming from data in the URL (or POST'ed from a form), then you should take a look at this section in the manual: [man]variables.external[/man].
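
A from-scratch version of the include script discussed in this thread, added here as an example and not written by any of the posters. It reads the page name from `$_GET` explicitly instead of relying on register_globals. The `pages` directory, the `resolve_page()` helper and the PHP 7.1+ requirement are assumptions of the example.

```php
<?php
// Added example, not code from the thread. Assumes PHP 7.1+, pages stored as
// .txt files in a "pages" directory beside this script, chosen via ?barrel=name.
$pageDir     = __DIR__ . '/pages';  // assumed content directory
$extension   = 'txt';
$defaultPage = 'default';
$errorPage   = '404';
$param       = 'barrel';            // query-string key from the original script

// Hypothetical helper: map a page name to a file inside $dir, or return null.
function resolve_page(string $dir, string $name, string $ext): ?string
{
    // Allowlist: letters, digits, underscore and hyphen only. This rejects
    // dots, slashes and NUL bytes, so "../" style names never reach the disk.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name)) {
        return null;
    }
    $base = realpath($dir);
    $path = realpath($dir . '/' . $name . '.' . $ext);
    // realpath() returns false for missing files and resolves symlinks,
    // so the prefix check below confirms the target really is under $dir.
    if ($base === false || $path === false || !is_file($path)) {
        return null;
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Read the value from $_GET explicitly; register_globals no longer creates
// $barrel. $_GET values are already URL-decoded, so urldecode() is not needed.
$requested = isset($_GET[$param]) && is_string($_GET[$param]) ? $_GET[$param] : '';

if ($requested === '') {
    $file = resolve_page($pageDir, $defaultPage, $extension);
} else {
    $file = resolve_page($pageDir, $requested, $extension);
    if ($file === null) {
        http_response_code(404);
        $file = resolve_page($pageDir, $errorPage, $extension);
    }
}

// The pages are plain text, so send them as data rather than include() them,
// which would execute any PHP code a file happened to contain.
if ($file !== null) {
    readfile($file);
}
```

If the page files are meant to contain PHP that should run, `readfile()` would have to become `include`, and the files then need to be treated as trusted code.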
