服务器端包含 [英] Server Side Include
问题描述
是否有可能使用服务器端包含访问服务器外部的文件?
如果没有其他选项可以做到这一点?
p>使用 cURL 来获取域外的数据。如果您想要执行收到的数据,请继续 eval()它。但是,应该预先警告,这将获得页面的输出。这意味着,如果它是一个像'.php'页面那样的被执行页面,那么你将得到处理结果中出来的数据。
<?php
//创建一个新的cURL资源
$ ch = curl_init();
//设置URL和其他适当的选项
curl_setopt($ ch,CURLOPT_URL,http://www.example.com/);
curl_setopt($ ch,CURLOPT_HEADER,0);
//抓取URL并传递给浏览器
curl_exec($ ch);
//关闭cURL资源,释放系统资源
curl_close($ ch);
?>
如果您想获取'实际'内容该文件,你会想在另一台服务器上设置一个排序代理。 (你不能在你的服务器上执行它,因为那样会成为服务器端脚本编写工作的安全漏洞)。
<?php
//读取请求的文件
readfile($ _ GET ['file']);
这会为您提供您请求的任何文件的内容:
http://test.com/handler.php?file=handler.php
但是,如果其他人发现它,这可能是危险的。
Is it possible to use a server side include to access files that are outside of the server?
If not what are some other options to do this?
Use cURL to get data outside of the domain. If you want to then execute the data you receive, go ahead and eval() it. But, be forewarned that this will get the 'output' of the page. Meaning if it is an executed page like a '.php' page, you will get the data that comes out as a result of it being processed.
<?php
// create a new cURL resource
$ch = curl_init();
// set URL and other appropriate options
curl_setopt($ch, CURLOPT_URL, "http://www.example.com/");
curl_setopt($ch, CURLOPT_HEADER, 0);
// grab URL and pass it to the browser
curl_exec($ch);
// close cURL resource, and free up system resources
curl_close($ch);
?>
The same is true for file_get_contents(), and fopen()
If you wanted to grab the 'actual' contents of the file, you would want to set up a proxy of sorts on the other server. (You can't do it on your server because then it would be a security flaw in how server-side-scripting works).
<?php
// Read the requested file out
readfile($_GET['file']);
That will give you the contents of any file you request:
http://test.com/handler.php?file=handler.php
But, if anyone else finds it, it could be dangerous.
这篇关于服务器端包含的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
