PHP includes, htaccess, and allow_url_fopen

Question

Scenario: Developing on hosted server, htaccess = Basic Auth, allow_url_fopen = on

Problem: When I include files with their url location, my htaccess blocks the include and returns a 401 error.

Known solutions: relative path (../), $_SERVER['DOCUMENT_ROOT'].

Question: Is there another way? I'd like to keep the url, if possible, in this scenario. Also, I'm using an include file for my footers, should I use tpl instead (I know nothing about tpl)?

EDIT: I'm currently making a mess of my folder structure. I have example.com and secure.example.com (where the ssl is installed). So in my secure folder I want to include files from the root. I thought it might be easier if I used the URL because the 'document_root' call only takes me to the secure folder (not root), and if I move a file the relative path may not work.

This should happen only if you request a local resource via http://. Can you show an example? — Pekka
– Pekka, Commented Feb 1, 2011 at 19:15

coreyward · Accepted Answer · 2011-02-01 19:17:32Z

2

You really don't want to do this. That's the reason the option is turned off by default. A better way of handling this is to grab the files from with libcurl.

$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$data = curl_exec($ch);

Then you can write the data to a file and include it. This is still a really risky behavior, though, because you're trusting a remote source. A chain is only as secure as its weakest link. Using SSH and periodically syncing might be a viable alternative.

answered Feb 1, 2011 at 19:17

coreyward

80.5k21 gold badges148 silver badges176 bronze badges

Sign up to request clarification or add additional context in comments.

Collectives™ on Stack Overflow

PHP includes, htaccess, and allow_url_fopen

1 Answer 1

Comments

Your Answer

Hot Network Questions

Collectives™ on Stack Overflow

1 Answer 1

Comments

Your Answer

Sign up or log in

Post as a guest

Related