Difference between revisions of "PHP File Inclusion"

Latest revision as of 03:14, 1 February 2016

This article is a stub. You can help OWASP by expanding it or discussing it on its Talk page.

This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.

Last revision (mm/dd/yy): 02/1/2016

PHP, as many other languages, allows the inclution of files in order to provide or extend the functionality of the current file.

TBD

<?PHP 
include '/path/filename.php';
include_once 'path/filename.class.php';
require '../path/filename.inc';
require_once 'filename.inc.php';
?>

Note: A reference to related CWE or CAPEC article should be added when exists. Eg:

@@ Line 1: / Line 1: @@
+{{Template:Stub}}
 {{Template:Vulnerability}}
-{{Template:Stub}}
-[[Category:FIXME|This is the text from the old template. This needs to be rewritten using the new template.]]
 Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}'''
 [[ASDR_TOC_Vulnerabilities|Vulnerabilities Table of Contents]]
-[[ASDR Table of Contents]]
-__TOC__
 ==Description==
-PHP as many other languages allow the inclution of files in order to provide or extend the functionality of the current file.
+PHP, as many other languages, allows the inclution of files in order to provide or extend the functionality of the current file.
 ==Risk Factors==
@@ Line 25: / Line 17: @@
 ==Examples==
-<?PHP
+ <?PHP
-include '/path/filename.php';
+ include '/path/filename.php';
-include_once 'path/filename.class.php';
+ include_once 'path/filename.class.php';
-require '../path/filename.inc';
+ require '../path/filename.inc';
-require_once 'filename.inc.php';
+ require_once 'filename.inc.php';
-?>
+ ?>
 ==Related [[Attacks]]==
@@ Line 93: / Line 85: @@
 [[Category:OWASP ASDR Project]]
 [[Category:PHP]]
+[[Category:Vulnerability]]