WordPress Tutorial => Sanitize file name

Download WordPress (PDF)

Fastest Entity Framework Extensions

Example

$incfile = sanitize_file_name($_REQUEST["file"]);
include($incfile . ".php");

Without sanitizing the file name an attacker could simple pass http://attacker_site/malicous_page as input and execute whatever code in your server.

PDF - Download WordPress for free

Previous Next

Get monthly updates about new articles, cheatsheets, and tricks.