Hello,
I am having problems with an include statement. I'm setting a session
variable flag and then including a file, and in that include file I have
a check at the top to make sure that the session variable is set,
otherwise I stop executing and redirect.
My problem is that this works if I use a relative path to the include
file, but not if I use the full path. If I use the full path, it does
not read the session flag as being set, and thus kills the include page.
So basically...

// page 1
$_SESSION['flag'] = "true";
include("../folder2/page2.php"); // this works
include("http://localhost/folder2/page2.php"); // this does not work

// page 2
if (isset($_SESSION['flag']) && $_SESSION['flag'] == "true")
{
    // relative include gets you here
}
else
{
    // absolute include gets you here
}

allow_url_fopen is ON in php.ini, if that makes any difference. It's the
only thing I could find that seemed like it might affect this.
Also, I read in the manual for header() that:

    HTTP/1.1 requires an absolute URI as argument to Location: including the
    scheme, hostname and absolute path, but some clients accept relative URIs.

a) All of my header calls involve relative paths and they work, but
should I change them to absolute? Does using relative pose a security risk?
b) Does this also apply to include? Does using relative paths with
include pose a security risk? (I never use variables in include or header
statements, even when using relative paths I specify which file to
include/redirect to...)
Thanks a bunch in advance.
Marcus