Allow_url_include是有办法允许从一个网址包括 [英] Allow_url_include is there a way to allow includes from just one url

问题描述

allow_url_include 有没有办法让从一个网址包含。也许用的.htaccess或在PHP？

allow_url_include is there a way to allow includes from just one Url. maybe with Htaccess or in the PHP?

推荐答案

没有。要获取一个URL的内容，使用 的file_get_contents（ ） 。然后，将结果发送回浏览器的等待，只需要使用回声（）。

No. To fetch the contents of a URL, use file_get_contents(). Then, to send the result back to the waiting browser, just use echo().

$contents = file_get_contents('http://www.example.com/');
echo( $contents );

以上需要你设置配置 allow_url_fopen选项= 1 （已设置为默认）。

The above will require that you set config allow_url_fopen=1 (which is already set by default).

如果你使用了包括，而不是我上面的方法，将有一个重要区别：包括还的执行的任何PHP code发现所获取的文档中。在一般情况下，这是一个非常危险的事情，让除非你知道你控制被列入的文件中的内容100％。

If you were to use include, instead of the approach I've shown above, there would be one major difference: include also executes any PHP code it finds inside the fetched document. In general, this is a really dangerous thing to allow unless you know that you control 100% of the contents of the document being included.

这是说：如果你的执行的希望code，它的工作原理完全一样包括，你可以这样做以下（这是更安全，因为它只能获取一个URL，它的不的要求，您可以启用 allow_url_include ）。

That said: if you do want code that works exactly like include, you can do something like the following (which is safer because it only fetches a single URL, and it doesn't require you to enable allow_url_include).

$contents = file_get_contents('http://www.example.com/');
eval('?>'.$contents);

如果你选择这样做，确定你控制远程网址的全部内容。如果别人控制了文件，他们将能够在服务器上执行任意code。不要让这种情况发生。

If you choose do this, be certain that you control the full contents of the remote URL. If someone else controls that file, they will be able to execute arbitrary code on your server. Don't let that happen.

这篇关于Allow_url_include是有办法允许从一个网址包括的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！