If your PHP installation is secure and you try to include a file using an absolute path or a remote file then you will face this issue. For example …
<?
include ("http://www.somedomain.com/file.php");
?>
will result in you seeing this PHP error when viewing the page in your browser …
Warning: include() [function.include]: URL file-access is disabled in the server configuration in /home/user/public_html/page.php on line xx
The reasons for disabling PHP include for remote files is clear – to do so would leave your coding open to cross site scripting attacks (XSS attacks). This is the method by which someone of malintent would inject their own code into yours, such malicious code is usually crafted to conduct a DoS (Denial of Service) or DDoS (Distributed Denial of Service) attack both of which would cause server downtime. Other injections could include alternative page content, such as a ‘Hacked by some Hackers’ type of announcement across your web page(s).
Alternate method to include the remote
URL in PHP file is to use the function file_get_contents().
Add this,
<?
$a = file_get_contents("http://www.somedomain.com/file.php");
echo ($a);
?>
instead of
<?
include ("http://www.somedomain.com/file.php");
?>
For this code you did not need to enable URL file-access in the server
Another alternative is using require_once function
<?
require_once($_SERVER['DOCUMENT_ROOT'].'file.php');
?>
In the above two alternatives file_get_contents() worked for me. Give first priority to the file_get_contents() function.
No comments:
Post a Comment