--- Bruno Lustosa <[EMAIL PROTECTED]> wrote:
> On 7/5/06, Wade Smart <[EMAIL PROTECTED]> wrote:
> > For my own pages I have this:
> > include('../header/top.htm');
> >
> > That says it's out of the current folder and into the header.
> > As I read yours, it is out of the current folder and into the includes.
> > If you are in the main folder it would be
>
> Better yet, you can use something like this:
>
> include( $_SERVER['DOCUMENT_ROOT']."/header/top.htm" );
>
> This way, it will always work, regardless of where the page actually
> is. Here at work, I've had all kinds of problems because people who are
> responsible for HTML always use relative links, and when pages are
> copy/pasted into other locations, all includes suddenly fail.
>
> --
> Bruno Lustosa <[EMAIL PROTECTED]>
It is true that include() and require() refer to the filesystem path rather
than the web space path. However, most of the URL-related variables in
$_SERVER come from the HTTP request and can be manipulated by end users. As
such, using this variable without a sanity check could expose your system to
abuse. Some of the examples of $_SERVER['PHP_SELF'] revolve around XSS
(cross-site scripting) but a semicolon embedded in the URL with additional
content could be damaging.
James
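
One form the sanity check mentioned above can take, as an added example that is not part of the original thread: resolve the include target with realpath() and accept it only if it stays inside a fixed base directory, and escape request-derived values before echoing them. The function name resolve_include, the directory layout and the sample values are hypothetical and constructed for the demonstration.

```php
<?php
// Added example; resolve_include() and the sample files are hypothetical.

/**
 * Resolve $relative under $baseDir. Returns the real path, or null when the
 * file does not exist or the resolved path falls outside $baseDir.
 */
function resolve_include(string $baseDir, string $relative): ?string
{
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    $target = realpath($base . DIRECTORY_SEPARATOR . $relative);
    if ($target === false || !is_file($target)) {
        return null;
    }
    // Compare against the base WITH a trailing separator, so that a sibling
    // such as "/srv/site_outside.txt" does not pass as being inside "/srv/site".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($target, $prefix, strlen($prefix)) === 0 ? $target : null;
}

// Constructed sample layout so the script runs offline.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'inc_demo_' . getmypid();
mkdir($root . '/header', 0700, true);
file_put_contents($root . '/header/top.htm', "<div>header</div>\n");
file_put_contents($root . '_outside.txt', "not part of the site\n");

// Accepted: the file resolves inside the base directory.
$inside = resolve_include($root, 'header/top.htm');
if ($inside !== null) {
    include $inside;
}

// Rejected: "../" walks out of the base directory to a sibling file.
$outside = resolve_include($root, '../' . basename($root) . '_outside.txt');
echo $outside === null ? "outside path rejected\n" : "outside path accepted\n";

// Constructed stand-in for a request-derived value such as $_SERVER['PHP_SELF'];
// it is escaped before being written into an HTML attribute.
$self = '/page.php/"><b>x</b>';
echo '<form action="' . htmlspecialchars($self, ENT_QUOTES, 'UTF-8') . '">' . "\n";

// Remove the constructed files.
unlink($root . '/header/top.htm');
unlink($root . '_outside.txt');
rmdir($root . '/header');
rmdir($root);
```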