472,794 Members | 2,732 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 472,794 software developers and data experts.

include/header questions

Hello,

I am having problems with an include statement. I'm setting a session
variable flag and then including a file, and in that include file I have
a check at the top to make sure that the session variable is set,
otherwise I stop executing and redirect.

My problem is that this works if I use a relative path to the include
file, but not if I use the full path. If I use the full path, it does
not read the session flag as being set, and thus kills the include page.

So basically...

// page 1
$_SESSION['flag'] = "true";
include("../folder2/page2.php"); // this works
include("http://localhost/folder2/page2.php"); // this does not work

// page 2
if(isset($_SESSION['flag']) && $_SESSION['flag'] == "true")
{
// relative include gets you here
}
else
{
// absolute include gets you here
}

allow_url_fopen is ON in php.ini if that makes any difference, it's the
only thing I could find that seemed like it might affect this?

Also, I read in the manual for header() that:

HTTP/1.1 requires an absolute URI as argument to Location: including the
scheme, hostname and absolute path, but some clients accept relative URIs.

a) All of my header calls involve relative paths and they work, but
should I change them to absolute? Does using relative pose a security risk?

b) Does this also apply to include? Does using relative paths with
include pose a security risk? (I never variables in include or header
statements, even when using relative paths I specify which file to
include/redirect to...)

Thanks a bunch in advance.

Marcus
Jul 17 '05 #1
2 1843
Marcus (Ju********@aol.com) wrote:
: Hello,

: I am having problems with an include statement. I'm setting a session
: variable flag and then including a file, and in that include file I have
: a check at the top to make sure that the session variable is set,
: otherwise I stop executing and redirect.

: My problem is that this works if I use a relative path to the include
: file, but not if I use the full path. If I use the full path, it does
: not read the session flag as being set, and thus kills the include page.

: So basically...

: // page 1
: $_SESSION['flag'] = "true";
: include("../folder2/page2.php"); // this works
: include("http://localhost/folder2/page2.php"); // this does not work

Your "relative" path is reading the contents of a file directly from the
local file system, whereas your "full path" is asking a web server to
(probably) run a script and send you the results. (Well, it is possible
the web server will send the contents, but since you are accessing your
own files from your own script directory, I doubt that. Instead the
server will try to run the script and return the result, and it is the
result that you are then including into your main script.)

So the two are really very different things.

If you wish to find an include file in a fixed location then you could
simply specify its path as a local file.

include("/this/is/an/absolute/path/folder2/page2.php");

To do this you need to find the full path name of your files on the
server, which is _not_ normally the same as the full path used when you
access them through the web.

Or, yYou could change the file type so that the web server is just sending
you the contents of the script, which is probably what you really want.
I don't think the php include command cares about the file name extension,
as long as the text it receives is valid php then it will use it as php
code, so just rename the file to anything that will make it get returned
as text.
OR, because the server is your own server, then it may be possible for the
"full path" script run and also access the session variables, but to do so
it will have to receive the same session identifiers (as headers or in the
url) that it would receive if a regular browser was accessing it. It will
then use them to find the session file just like a normal php script
might. Presumably you could add then as a query string to the URL of the
include, if there is no other way to control the headers sent with the
include request. Somehow I doubt you really wish to do this.
--

This space not for rent.
Jul 17 '05 #2
Malcolm Dew-Jones wrote:
Marcus (Ju********@aol.com) wrote:
: Hello,

: I am having problems with an include statement. I'm setting a session
: variable flag and then including a file, and in that include file I have
: a check at the top to make sure that the session variable is set,
: otherwise I stop executing and redirect.

: My problem is that this works if I use a relative path to the include
: file, but not if I use the full path. If I use the full path, it does
: not read the session flag as being set, and thus kills the include page.

: So basically...

: // page 1
: $_SESSION['flag'] = "true";
: include("../folder2/page2.php"); // this works
: include("http://localhost/folder2/page2.php"); // this does not work

Your "relative" path is reading the contents of a file directly from the
local file system, whereas your "full path" is asking a web server to
(probably) run a script and send you the results. (Well, it is possible
the web server will send the contents, but since you are accessing your
own files from your own script directory, I doubt that. Instead the
server will try to run the script and return the result, and it is the
result that you are then including into your main script.)

So the two are really very different things.

If you wish to find an include file in a fixed location then you could
simply specify its path as a local file.

include("/this/is/an/absolute/path/folder2/page2.php");

To do this you need to find the full path name of your files on the
server, which is _not_ normally the same as the full path used when you
access them through the web.

Or, yYou could change the file type so that the web server is just sending
you the contents of the script, which is probably what you really want.
I don't think the php include command cares about the file name extension,
as long as the text it receives is valid php then it will use it as php
code, so just rename the file to anything that will make it get returned
as text.
OR, because the server is your own server, then it may be possible for the
"full path" script run and also access the session variables, but to do so
it will have to receive the same session identifiers (as headers or in the
url) that it would receive if a regular browser was accessing it. It will
then use them to find the session file just like a normal php script
might. Presumably you could add then as a query string to the URL of the
include, if there is no other way to control the headers sent with the
include request. Somehow I doubt you really wish to do this.
--

This space not for rent.

Malcolm,

Thank you for the reply. Please correct me if I am wrong, but to
summarize, it is ok (i.e. not a security vulnerability) to use relative
path names (with respect to the folder the page calling the include
resides in)? (i.e. the method that I reported working)

With regard to my second question, does anyone know if not specifying a
full absolute path in a header location call has any drawbacks?
Security flaws, weird behavior, etc.

Thanks again.
Jul 17 '05 #3

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

2
by: Web Developer | last post by:
Hi, In Java, the package java.lang.*; is automatically imported and provides a basic set of functionality. Questions: 1) In C++, are there any include files that are automatically included?...
7
by: mescaline | last post by:
Hi, Suppose a_file.cpp contains a function a_function() Now to include it in main_file.cpp I just do #include "a_file.cpp" and I'm all set. i recently came across this seemingly roundabout...
6
by: atv | last post by:
Alright, i have some questions concerning include files en global variables.I hope someone is willing to answer these. 1).Why is it that if i define a global variable in a file, say main.c, and...
60
by: Derrick Coetzee | last post by:
It seems like, in every C source file I've ever seen, there has been a very definite include order, as follows: - include system headers - include application headers - include the header...
44
by: Neil Cerutti | last post by:
In Rob Pike's style guide he urges the following: Simple rule: include files should never include include files. If instead they state (in comments or implicitly) what files they need...
14
by: Jon Rea | last post by:
I am currently cleaning up an application which was origainlly hashed together with speed of coding in mind and therefore contains quite a few "hacky" shortcuts. As part of this "revamping"...
13
by: Salvatore Di Fazio | last post by:
Hi, I've an array in an include that is used everywhere in the project. So to avoid the problem of declaration I made the following solution: ifndef __UNWALKABLETILES__ #define...
7
by: Bill Pursell | last post by:
I read recently (can't remember if it was on this group or elsewhere) that it is a bad idea to write a header file this way: #ifndef FOO_HDR #define FOO_HDR 1 #include <stdio.h> int...
2
by: key9 | last post by:
Hi all look at the organize tree main.c ------ #include lib_adapter.c main() { foo();
0
by: erikbower65 | last post by:
Using CodiumAI's pr-agent is simple and powerful. Follow these steps: 1. Install CodiumAI CLI: Ensure Node.js is installed, then run 'npm install -g codiumai' in the terminal. 2. Connect to...
0
by: erikbower65 | last post by:
Here's a concise step-by-step guide for manually installing IntelliJ IDEA: 1. Download: Visit the official JetBrains website and download the IntelliJ IDEA Community or Ultimate edition based on...
2
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Sept 2023 starting at 18:00 UK time (6PM UTC+1) and finishing at about 19:15 (7.15PM) The start time is equivalent to 19:00 (7PM) in Central...
14
DJRhino1175
by: DJRhino1175 | last post by:
When I run this code I get an error, its Run-time error# 424 Object required...This is my first attempt at doing something like this. I test the entire code and it worked until I added this - If...
0
by: Rina0 | last post by:
I am looking for a Python code to find the longest common subsequence of two strings. I found this blog post that describes the length of longest common subsequence problem and provides a solution in...
5
by: DJRhino | last post by:
Private Sub CboDrawingID_BeforeUpdate(Cancel As Integer) If = 310029923 Or 310030138 Or 310030152 Or 310030346 Or 310030348 Or _ 310030356 Or 310030359 Or 310030362 Or...
0
by: lllomh | last post by:
Define the method first this.state = { buttonBackgroundColor: 'green', isBlinking: false, // A new status is added to identify whether the button is blinking or not } autoStart=()=>{
0
by: Mushico | last post by:
How to calculate date of retirement from date of birth
2
by: DJRhino | last post by:
Was curious if anyone else was having this same issue or not.... I was just Up/Down graded to windows 11 and now my access combo boxes are not acting right. With win 10 I could start typing...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.