
Originally Posted by
Stormrider
I would be extremely careful with that. That code will enable anyone to run any function they like on your server. Validate the function against a whitelist of allowed functions before calling it.
Perhaps it can be done like this:
(wrote some quick validations)
Code:
<?php
// Whitelist of functions that may be called through ?fun=
$allowed = array("function1", "function2", "standard");

// Read the parameter without raising a notice when it is absent
$fun = isset($_GET['fun']) ? $_GET['fun'] : '';

if (empty($fun)) {
    standard();
} else {
    // Strict match: only an exact string from the whitelist is accepted
    if (!in_array($fun, $allowed, true)) {
        echo "do not mess with the code";
    } else {
        $fun();
    }
}

function standard() {
    echo "<a href=\"?fun=function1\">call function 1</a>";
    echo "<a href=\"?fun=function2\">call function 2</a>";
}

// $fun is not visible inside function scope, so the whitelist check
// above is the single gate; the functions only produce their output.
function function1() {
    echo "this shows function one";
}

function function2() {
    echo "this shows function two";
}
?>
Or isn't this safe?
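A dispatch-table variant of the whitelist check discussed above, as an added example that is not part of the original post; the handler names show_menu, show_one and show_two and the constructed test inputs are assumptions. It goes slightly beyond the post by also rejecting non-string input such as ?fun[]=x.

```php
<?php
// Added example. Public action names map to fixed callables, so the
// request value is only ever used as a lookup key, never as a function name.
$actions = [
    'standard'  => 'show_menu',   // hypothetical handler names
    'function1' => 'show_one',
    'function2' => 'show_two',
];

function dispatch(array $actions, $requested): string
{
    if ($requested === null || $requested === '') {
        $requested = 'standard';              // no parameter: default page
    }
    // ?fun[]=x arrives as an array; only a string can match a key.
    // Key lookup is case-sensitive, unlike PHP function names.
    if (!is_string($requested) || !array_key_exists($requested, $actions)) {
        http_response_code(400);
        return 'unknown action';
    }
    // The callable comes from the table, not from the request.
    return call_user_func($actions[$requested]);
}

function show_menu(): string
{
    $links = ['function1' => 'call function 1', 'function2' => 'call function 2'];
    $out = '';
    foreach ($links as $key => $label) {
        $out .= '<a href="?fun=' . urlencode($key) . '">'
              . htmlspecialchars($label) . '</a> ';
    }
    return $out;
}

function show_one(): string { return 'this shows function one'; }
function show_two(): string { return 'this shows function two'; }

if (PHP_SAPI === 'cli') {
    // Constructed inputs: missing, allowed, not listed, wrong case, array.
    foreach ([null, 'function1', 'phpinfo', 'FUNCTION1', ['x']] as $input) {
        echo json_encode($input), ' => ', dispatch($actions, $input), PHP_EOL;
    }
} else {
    echo dispatch($actions, $_GET['fun'] ?? null);
}
```

Run from the command line, the first two inputs produce the menu and "this shows function one", and the remaining three all return "unknown action".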