包装是由allow_url_include = 0禁用服务器配置 [英] Wrapper is disabled in the server configuration by allow_url_include=0
问题描述
我试图恢复与一个 AJAX 调用页面内容。我有一系列的内页包装环节。当我点击一个链接,它加载一个JavaScript函数检索页面内容从 PHP 脚本。在这种情况下,我发展我的本地主机,但在生产中的脚本将是相同的根文件夹和域作为一个执行文件中的 AJAX 通话。我现在用的响应,为 DIV 的内容。内容不是单纯的 PHP ,和我的意思,而它是由PHP生成具有 HTML 类似的元件 DIV 和跨度。它基本上是东西,是打开和关闭body标签之间发生。正因为如此,我不知道我可以只使用 json_en code 。
I am trying to retrieve page contents with an AJAX call. I have a series of links within a page wrapper. When I click on a link, it loads a JavaScript function that retrieves page contents from a php script. In this case I am developing on my localhost, but in production the script will be within the same root folder and domain as the file that does the AJAX call. I am using the response as the content for a div. The content isn't purely PHP, and by that I mean while it is generated by php it has HTML elements like divs and spans. It's basically the stuff that is going between the opening and closing body tags. Because of this, I'm not sure I can just use json_encode.
而不是在内容加载的 DIV ,我得到以下错误:
Instead of the content loading in the div, I get the following error:
警告:require_once()[function.require一次]:HTTP://封装器 通过allow_url_include = 0
Warning: require_once() [function.require-once]: http:// wrapper is disabled in the server configuration by allow_url_include=0
在 allow_url_include 读了之后似乎这通常是默认禁用。我假设,此功能可以使一些严重的网站攻击。是那么回事。如果是这样,我怎么可以检索从另一个文件的内容?
After reading up on allow_url_include it seems that this is usually disabled by default. I'm assuming that this feature allows for some serious site attacks. Is that the case. If so, how can I retrieve the content from another file?
我尝试使用 JQuery的装载功能:
$('#content').load('pages/test_page.php');
但具有同样的结果。
but with the exact same results.
这是我发疯! TIA。
This is driving me nuts! TIA.
编辑:我想我可能已经找到了问题;在 PHP 文件中的 AJAX 被检索的使用量 require_once 。它要求的文件是相同的根文件夹内的同一台服务器上,但它是一个目录了。然而,创建一个新的问题:我得到的内容,但不完全。例如,文件中我有这样的:
I think I may have found the problem; the php file that the AJAX is retrieving content from is using require_once. The file that it is requiring is on the same server within the same root folder, but it was one directory up. HOWEVER, that creates a new problem: I'm getting the content, but not fully. For example, in the file I have this:
Title: <?php echo $details['title']; ?>
我只得到了第一个字母,这也适用于其他 PHP 的内容,我回声。
推荐答案
allow_url_include 只影响包括()和要求(),你仍然可以使用PEAR HTTP_Request2 模块或卷曲函数来获取网页。
allow_url_include only affects include() and require(), you can still use the PEAR HTTP_Request2 module or the curl functions to fetch webpages.
使用包括()远程网页被认为是一个不好的做法,并可能带来安全风险。例如,如果你使用包括:($ VAR); 和一些攻击者设法替换$ VAR与的http://hacksite.tld ,他/她可以注入code ...
Using include() for remote webpages is considered to be a "bad practice", and may pose a security risk. For example, if you use include($var); and some attacker manages to replace $var with http://hacksite.tld he/she can "inject" code ...
这篇关于包装是由allow_url_include = 0禁用服务器配置的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
