O'Reilly logo

PHP 5 CMS Framework Development by Martin Brampton

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Discussion and considerations

Code needs to be loaded, and this does not happen automatically without some effort on our part. The loading of code has the potential to raise serious security issues that must be tackled. There are also practical matters of how to make code as clean and efficient as possible.

Security

There has been a spate of cracks exploiting code-loading loopholes. Suppose we have a file containing PHP that is intended to be loaded for execution by other code that was triggered by the request from a user's browser. A simplified example would be:

<?php
require_once ($basedir.'/somecode.php');
// More code that is perfectly safe follows
?>

First, how does the crack work? Supposing the previous code is in a file called ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required