包装是由allow_url_include = 0禁用服务器配置 [英] Wrapper is disabled in the server configuration by allow_url_include=0
问题描述
我试图恢复与一个 AJAX
调用页面内容。我有一系列的内页包装环节。当我点击一个链接,它加载一个JavaScript函数检索页面内容从 PHP
脚本。在这种情况下,我发展我的本地主机
,但在生产中的脚本将是相同的根文件夹和域作为一个执行文件中的 AJAX
通话。我现在用的响应,为 DIV
的内容。内容不是单纯的 PHP
,和我的意思,而它是由PHP生成具有 HTML
类似的元件 DIV
和跨度。它基本上是东西,是打开和关闭body标签之间发生。正因为如此,我不知道我可以只使用 json_en code
。
I am trying to retrieve page contents with an AJAX
call. I have a series of links within a page wrapper. When I click on a link, it loads a JavaScript function that retrieves page contents from a php
script. In this case I am developing on my localhost
, but in production the script will be within the same root folder and domain as the file that does the AJAX
call. I am using the response as the content for a div
. The content isn't purely PHP
, and by that I mean while it is generated by php it has HTML
elements like div
s and spans. It's basically the stuff that is going between the opening and closing body tags. Because of this, I'm not sure I can just use json_encode
.
而不是在内容加载的 DIV
,我得到以下错误:
Instead of the content loading in the div
, I get the following error:
警告:require_once()[function.require一次]:HTTP://封装器 通过allow_url_include = 0
Warning: require_once() [function.require-once]: http:// wrapper is disabled in the server configuration by allow_url_include=0
在 allow_url_include
读了之后似乎这通常是默认禁用。我假设,此功能可以使一些严重的网站攻击。是那么回事。如果是这样,我怎么可以检索从另一个文件的内容?
After reading up on allow_url_include
it seems that this is usually disabled by default. I'm assuming that this feature allows for some serious site attacks. Is that the case. If so, how can I retrieve the content from another file?
我尝试使用 JQuery的
装载功能:
$('#content').load('pages/test_page.php');
但具有同样的结果。
but with the exact same results.
这是我发疯! TIA。
This is driving me nuts! TIA.
编辑:我想我可能已经找到了问题;在 PHP
文件中的 AJAX
被检索的使用量 require_once
。它要求的文件是相同的根文件夹内的同一台服务器上,但它是一个目录了。然而,创建一个新的问题:我得到的内容,但不完全。例如,文件中我有这样的:
I think I may have found the problem; the php
file that the AJAX
is retrieving content from is using require_once
. The file that it is requiring is on the same server within the same root folder, but it was one directory up. HOWEVER, that creates a new problem: I'm getting the content, but not fully. For example, in the file I have this:
Title: <?php echo $details['title']; ?>
我只得到了第一个字母,这也适用于其他 PHP
的内容,我回声
。
推荐答案
allow_url_include
只影响包括()
和要求()
,你仍然可以使用PEAR HTTP_Request2
模块或卷曲
函数来获取网页。
allow_url_include
only affects include()
and require()
, you can still use the PEAR HTTP_Request2
module or the curl
functions to fetch webpages.
使用包括()
远程网页被认为是一个不好的做法,并可能带来安全风险。例如,如果你使用包括:($ VAR);
和一些攻击者设法替换$ VAR与的http://hacksite.tld
,他/她可以注入code ...
Using include()
for remote webpages is considered to be a "bad practice", and may pose a security risk. For example, if you use include($var);
and some attacker manages to replace $var with http://hacksite.tld
he/she can "inject" code ...
这篇关于包装是由allow_url_include = 0禁用服务器配置的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!