Add security to included files

dynamiccookies / Radarr-Assistant

An interface that ties into Radarr's API to allow searching for movies, verifying movies currently in the Radarr library, and adding movies to Radarr's queue.

MIT License

0 stars 0 forks source link

Add security to included files #44

Open dynamiccookies opened 2 years ago

dynamiccookies commented 2 years ago

Set defined variable before including file Check for defined variable in included file, and return permission denied error if does not exist Unset defined variable after including file

Example Code

In Calling File:

$included = true;
require_once('called_file.php');
$included = false;

In Called File:

if (!$included) {
  header('HTTP/1.0 403 Forbidden');
  exit;
}

dynamiccookies commented 2 years ago

Decided on slight change to process.

In Calling File:

$include = true;
require_once 'admin/config.php';

$include = true;
require_once 'files/functions.php';

In Called File:

if (!isset($include)) {
    header('HTTP/1.0 403 Forbidden');
    exit;
} else {unset($include);}