Page 1 of 1
Can you view PHP source?
Posted: Wed Apr 16, 2003 2:37 am
by Ben C
Is it possible for someone to download a PHP page without it being executed, so they can see the source?
Cheers
-Ben

Posted: Wed Apr 16, 2003 3:04 am
by twigletmac
Not if the file has an extension that the webserver recognises as one that needs to be parsed by the PHP engine. For example most webservers are setup with .php as the extension for PHP files, if someone attempts to download one of these files they'll get the output of the PHP script. However, if the same code is placed in a file with a .inc file extension then it might be possible for someone to download the PHP page without it being executed (only not possible if the webserver is setup to view .inc's as PHP files).
Mac
Posted: Wed Apr 16, 2003 5:35 am
by m3mn0n
They aren't nessesarily that big of a security problem.
click to see what i mean.
Posted: Wed Apr 16, 2003 5:57 am
by twigletmac
Oromian wrote:They aren't nessesarily that big of a security problem.
Of course the question may not be about security

it may be that he wants to make PHP source available for download

(that's why I purposely didn't phrase my answer as though I was answering a question about security and tried to just give a general response to the actual question asked).
Mac
Posted: Wed Apr 16, 2003 5:58 am
by Frostbite
you could just put it in a .txt file using notepad and link to it, it will either show the script or you might have to download it first
Posted: Wed Apr 16, 2003 6:42 am
by m3mn0n
heh
If you don't want anyone to see it, place your source only in .php files, if you do want to show your source, try a snipplet like this one:
Code: Select all
<?php
function highlightcode($file){
ob_start();
show_source( "$file" );
$t = ob_get_contents();
ob_end_clean();
$t = ereg_replace( "<font" , "<span" , $t);
$t = ereg_replace( "</font>", "</span>", $t );
$t = ereg_replace( "color="", "style="color:", $t);
echo $t;
}
/* this has tough security so only the file, index.php inside this directory can be viewed;
./index.php
anything else will leave the visitor with a big fat error message. */
if($file == "./index.php") {
highlightcode ($file);
} elseif(!$file) {
exit;
} else {
echo "<h1><b>Cannot view this page! <u><font color="red">Access forbidden</font></u>!</b></h1>";
exit;
}
?>
Posted: Wed Apr 16, 2003 12:05 pm
by Jim
I don't think this guy wants to show his source code, I think he wants to view OTHER people's source code.
If you're looking for ideas for code, padawan, go to no place other than
hotscripts.com!
Posted: Wed Apr 16, 2003 8:12 pm
by phice
Of course, if the file is in their own possession, simply copy/rename to FILENAME.phps
Posted: Sun Apr 20, 2003 4:39 am
by The One
Frostbite wrote:you could just put it in a .txt file using notepad and link to it, it will either show the script or you might have to download it first
or you could just use the addslashes() and encode_url() functions.