0

How do I get the actual text content of a .php file using javascript without executing it on the server?

Also, I would like to know if there is a way to read the text content of any other file other than .php using javascript.

Improve this question
6
  • not possible, unless the server's been configured to serve up .php files as plain text and output that text, instead of outputting it. What you want is basically impossible - a properly configured server will always execute the php and send you the output. Sending out the raw code would be a massive security issue. JS can fetch any url you tell it (subject to same-origin issues), but you can NOT control what the server does with that url in the background. Commented Mar 14, 2016 at 15:34
  • @MarcB, well, I do not think this should be a security concern, because I am executing it on my server, so I cannot be a threat to my own site. Commented Mar 14, 2016 at 15:36
  • well, then you need to configure your server to treat that php file as plaintext and serve it up its contents, instead of executing it. remember that file extensions are utterly irrelevant on the web. you could name all your files *.exe or *.arglebargle. as long as the webserver's been told how to treat that extension, it'll just "work", even though neither of those extensions are "traditionally" served up. Commented Mar 14, 2016 at 15:39
  • Okay, I do not think it is a really good idea for me to change the server config for the .php files, because I still need to execute the same file on some other instances. Commented Mar 14, 2016 at 15:42
  • you can target individual files for special treatment. but why go to that length when you could just rename the file to whatever.txt? Since you want it served up as text, then name it as a text file. Commented Mar 14, 2016 at 15:42

2 Answers 2

Reset to default
2

If you are using a webserver like Apache or Nginx then they will execute the .php file for you. There is no way around this because you shouldn't allow anyone to download your php source code, which is what you're trying to do with Javascript.

If your javascript needs some output then have your .php render the data javascript needs. Then to load this content via Javascript can be as simple as an ajax call, eg: http://api.jquery.com/jquery.ajax/

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

Upvote after realizing this as an overkill in security. It should follow same-origin policy for scripts that try to read such file contents, rather than making it completely impossible.
@TroubleZero - If you go this route and build a php file that echo's your site's source code, then please note: people can visit this file directly and view the contents. They might tamper with $_GET variables. Do not allow this page display things like database passwords or other secret information.
@Chris I understand all this Chris, but it's some kind of a pentesting website, as in the kind that dares people to "hack this site", whose source code needs to be exposed. The PHP files are updated constantly, which makes it easier to show the source file itself, other than having other walkaround files.
0

I realize this is a very very old question. But it has a very simple solution, without re-configuring the php server, assuming,

  1. One wants to look at a few files, either permanently or during short time periods during development.
  2. It is not a security problem if it is viewed by others on the local net or wan, wherever you also view this. (This risk can also be minimized, see the end.)
  3. Your server is already configured to serve .txt files as plain text

Say the file of interest is x.php, make a symbolic link, with a text file extension

ln -s x.php newname.txt

Now you can view the file at the same site as newname.txt.

Minimizing security risk. If your server is already configured to not allow directory browsing, then by making the newname somewhat long, it is less likely anybody else will easily find the name to view it.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.