Follow up to PHP include() issue Mar17 '05

Following up with my earlier entry from today, I went ahead and wrote to Dreamhost support, in regards to a PHP issue:

Hi, I had a quick question regarding this announcement that I received this morning:

[Start quoted text] > PHP provides a feature allowing a programmer to open, include or otherwise use a remote file using a URL rather than a local file path. Unfortunately, that feature is the source of a large number of security holes in PHP web applications running on our servers and we have been spending an increasing amount of time handling issues resulting from those security exploits. In the interest of overall system security, we have decided to disable this feature as of now. We apologize for any inconvenience this may cause. Please contact our support team if you have any questions. [End quoted text]

I understand the purpose and intentions of disabling this directive.

However, on a few of my sites, I use the full URL (within an INCLUDE) to pull in a LEGITIMATE file, from my own server space.

And, most importantly, I am not aware of any way (within PHP) to pass a variable to the INCLUDE page, by only specifying the local file path. According to PHP.net, you must specify the full URL:

http://us3.php.net/manual/en/function.include.php#AEN4904

Other than that, I have no problem with the security decision that was made.

Thanks.

I hope to hear from someone.

MATTHOM

To reference the most important part of that email that I sent:

I am not aware of any way (within PHP) to pass a variable to the INCLUDE page, by only specifying the local file path. According to PHP.net, you must specify the full URL.

Maybe a reader knows a solution.

Categories: PHP

Add Feedback (view all)

Leave feedback

Feedback

Input format: The editor controls below will assist with Markdown syntax.

Status

Sub-status

Your info Name: Email (will not show on page):

Follow new comments via email? (You can turn this off any time)

Do you want your comments emailed to yourself?

Home Page (optional):

If you set the variables prior to the include statement, the variable are accessible in the include. It seems that the way the include concept beh ... Read more.

matthom is published and produced by Matt Thommes - an independent publishing enthusiast, mobile blogger, content creator, informative writer, web developer from Chicago. Never one to conform, Matt intends to promote the effect the web has on our lives, in an effort to intensify, instruct, and clarify all that is happening around us.

Contact Matt

Similar Entries

PHP: Skipping index page call in URL (147 recent visits)
PHP project: convert times to numbers (302 recent visits)
PHP – passing variables across pages (8572 recent visits)
Install Apache, PHP, MySQL on Windows (166 recent visits)
Code mnemonics: PHP implode/explode (377 recent visits)
Swap banner image with CSS and PHP (658 recent visits)

Follow up to PHP include() issue Mar17 '05

Add Feedback (view all)

Leave feedback

Similar Entries

Stats

Recent Referrers (click)

Syndicate

Advertisements