i use script enable multilanguage on website :
<?php // start session, might start somewhere else already. session_start(); // languages support $available_langs = array('en','ro'); if(isset($_get['lang']) && $_get['lang'] != ''){ // check if language 1 support if(in_array($_get['lang'], $available_langs)) { $_session['lang'] = $_get['lang']; // set session } } // set our default language session if we've got nothing if ($_session['lang']=='') { $_session['lang'] = 'en'; } $language = $_session['lang']; setcookie("lang", $language, time() + (3600 * 24 * 30), null, null, null, true); // include active language include('languages/lang.'.$_session['lang'].'.php'); ?> my question is: how secure this, way coded right , should improve security ? administer vps using plesk 12 , have website firewall modsecurity on , see lots of attempts upload files in website's root using post method through browser, taking advantage of "lang" variable.
many in advance.
this safe looks of it. setting sensible default (en) if not found/not specified, , pattern matching en/ro properly.
you may want consider using language supporting framework/class though, make duplication efforts easier. try checking out https://github.com/philipp15b/php-i18n
Comments
Post a Comment