Page 1 of 1
Who referred to for include/require files ?
Posted: Fri Feb 04, 2005 1:56 am
by anjanesh
In a.php I have
include("b.php.include")
Any way to find out in b.php.include which script included me (b.php.inc)
Im not looking for $HTTP_REFERER
Thanks
Posted: Fri Feb 04, 2005 2:07 am
by feyd
$_SERVER['SCRIPT_NAME']
Posted: Fri Feb 04, 2005 4:54 am
by anjanesh
In a.php I include b.php.include
In b.php.include I include c.php.include
$_SERVER['SCRIPT_NAME'] in c.php.include will give a.php
Posted: Fri Feb 04, 2005 5:32 am
by onion2k
Don't know the answer to your question, but calling files b.php.include will mean anyone accessing the file by going to
http://www.example.com/b.php.include will see the source code.
(Unless you put the file outside the web root, or you configure the server to parse .include as something other than text.)
Posted: Fri Feb 04, 2005 6:06 am
by anjanesh
onion2k wrote:or you configure the server to parse .include as something other than text.
How do do that in Apache on a server host ? This what I tried asking in another thread ?
Posted: Fri Feb 04, 2005 6:06 am
by timvw
in each page: if(!$pages) $pages = array(); $pages[] = __FILE__;
but i really can't see a good reason why you would want that....
Posted: Fri Feb 04, 2005 8:12 am
by feyd
the debug backtrace should give the info too.. I don't see much point in it either really. Only thing I can see is knowing if it's being included or not, but that can be handled in other ways...
The following has worked well for me in the past
Code: Select all
// include this function into all scripts (you wish to lock)
function no_direct_access($filename)
{
if((in_array('PATH_TRANSLATED',$_SERVER) && ($filename == $_SERVERї'PATH_TRANSLATED'])) || ($filename == realpath($_SERVERї'SCRIPT_NAME'])))
{
die("Direct access to this file is denied.");
}
}
no_direct_access(__FILE__); // when in a script you wish to lock, just call this exact line, do not change __FILE__ to anything else.