I am trying to reference a file from a subdirectory of my root folder in a way that only the "main" changes.
I have this pice of code in my home.php file:
<div id="main" class="main">
<?php require $_GET['main'] . ".php"; ?>
</div>
All the navigation buttons should change the "main" to certain files in various folders under the folder which contains home.php.
The below code snippet works perfectly if the file I am referencing is in the same folder as my working file:
<a href="?main=dashboard.php">Dashboard 1</a>
What I want to do is (I imagine) like this:
<a href="?main=folder/dashboard.php"> Dashboard 1</a>
where the file I am referencing is in a different folder.
Also, if I reference the file in question with
<a href="folder/dashboard.php"> Dashboard 1</a>
the file loads, but it does not target the "main" like it should with ?main=
I tried myriad ways that I read about / though would work, but nothing did so far. Any help would be much appreciated.
Don't require files from user input without validation!
<?php
// For Security a list of granted paths.
$allowedPaths = [
'folder/dashboard.php',
];
$main = isset($_GET['main']) ? $_GET['main'] : '';
if(!in_array($main, $allowedPaths) {
// Error handling
die('Path not allowed');
}
require $main;
?>
The link could look like
<a href="?main=folder%2Fdashboard.php">
echo urlencode('folder/dashboard.php'); to make the slash valid..php extension twice (once in URL and again in code).