I've been pondering over how to enforce how/where/who includes a given PHP file and my question is: Is there a way for a PHP script to be able to detect what script is including it? In other words, if X.php is including Y.php, is there a way for Y.php to detect that it's being included by X.php? If I can detect the full url (
http://www.xyz.com/X.php), then I can enforce some rules regarding how a file is included. I don't really want to do an approach I read about earlier where you have something like this:
X.php
Y.php
Code: Select all
if ($ping != "pong")
// Some error message and exits this file
// The rest of the code for this page
Because a malicious php script could set $ping = "pong" before including Y.php, and the plan would fail.
I can use an .htaccess file to redirect away from any files that I don't want to be directly accessed (put all the included files into a folder, then redirect from that folder to somewhere nicer for instance). But again, this doesn't cover includes.
I've kind of rambled on a bit, but hopefully I've gotten across my problem.
Thanks in advance =)