How bout an Apache redirect for .inc files to go to denied.htm or
something? PHP scripts could get to them, but they wouldn't be accessible
via http.
At 08:01 PM 3/3/01 +0100, [EMAIL PROTECTED] wrote:
Hi!
as I wrote in my mail:
1.
I won't name them ".inc" but ".inc.php" (so *I* know, it's an include file)
2.
I don't even want them to be executable!!!
and therefore my question was, if this (on top of every include-file) would
be safe enough:
if (substr($SCRIPT_URL,-8)==".inc.php") exit;
$PHP_SELF better than $SCRIPT_URL in line above???
thanks
michi
Include files do not have to end with '.inc', which is purely a convention
of dubious value. If you use '.php' as the extension for included files,
they will have to be parsed by PHP and can't be read as plain text from
outside.
Hi!
I want my include-files not be seen from outside AND not be executed!!!
I don't have access to a directory outside DOCUMENT_ROOT and I don't
have
.htaccess!!!
I think about something like:
1.
name: file.inc.php
2.
add code:
if ($PHP_SELF==MY_NAME) exit;
as first line in the inluded script.
so, if the script is being included from another script, the code will
be
executed - but if the file will be called directly, no code is executed!
BUT - how do I get the include-file's name?
or is it safe enough, to use something like
if (substr($SCRIPT_URL,-8)==".inc.php") exit;
--
Sent through GMX FreeMail - http://www.gmx.net
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]