file_exists with reserved filenames bug

127 Views Asked by teorius At 04 April 2025 at 22:12

Ok here's my code

        $ref = $_GET['ref'];
        if (file_exists('views/'.$ref.'.php')) {
            $this->prepare($ref);
        } 
        elseif (!file_exists('views/'.$ref.'.php')) {
        echo 'Page you are requesting doesn´t exist';
        }

I'm currently having issues if users try to do ?ref=con or ?ref=com1 etc, file_exists will always return true. Is there a work around for this?

Original Q&A

There are 2 best solutions below

Chris Eberle On 30 April 2011 at 18:46 BEST ANSWER

Probably because those files actually exist. I'd be more worried about the potential for abuse. You should filter your inputs.

Also the elseif is unnecessary. else would suffice just fine.

zokibtmkd On 30 April 2011 at 18:47

Please try using: is_file http://php.net/manual/en/function.is-file.php

file_exists with reserved filenames bug

There are 2 best solutions below

Related Questions in PHP

Related Questions in FILENAMES

Related Questions in FILE-EXISTS

Related Questions in RESERVED

Trending Questions

Popular # Hahtags

Popular Questions