B.6. include

As described in Chapter 5, the use of include is common and necessary for an organized and modular software design. However, improper use of include can create one of the most drastic security vulnerabilities: code injection. It is extremely important that you use only filtered data in an include statement. This function is a good candidate for inspection during a security audit or peer review.
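One way to pass only filtered data to include, shown as an added example that is not from the original text: the request value is looked up in an allowlist, and the mapped file must resolve inside the template directory. The page names, the templates directory and resolve_include() are assumptions made for illustration, and the code assumes PHP 8.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist: request value => file under the templates directory.
const PAGE_MAP = [
    'home'    => 'home.php',
    'news'    => 'news.php',
    'contact' => 'contact.php',
];

/**
 * Resolve a user-supplied page name to a file path that is safe to include.
 * Returns null when the input is not on the allowlist or the file does not
 * resolve to a location inside $baseDir.
 */
function resolve_include(mixed $requested, string $baseDir): ?string
{
    // Reject arrays (?page[]=x) and anything outside the allowlist. The
    // included path is built from the map value, never from the raw input.
    if (!is_string($requested) || !array_key_exists($requested, PAGE_MAP)) {
        return null;
    }

    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . PAGE_MAP[$requested]);
    if ($base === false || $path === false) {
        return null; // directory or file missing
    }

    // Defense in depth: the resolved file must sit inside the base directory
    // (catches a symlink or a mistaken map entry).
    if (!str_starts_with($path, $base . DIRECTORY_SEPARATOR)) {
        return null;
    }
    return $path;
}

// Tainted input stays in $_GET; only the filtered result reaches include.
$clean = resolve_include($_GET['page'] ?? 'home', __DIR__ . '/templates');
if ($clean === null) {
    http_response_code(404);
    exit('Page not found');
}
include $clean;
```

During an audit or peer review, each include (and require) statement can be checked against this pattern: the argument should be either a constant or a value that has passed through a filter like this one.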