如何从public_html中找到一个文件目录后使用include返回public_html根文件 [英] How to refer back to public_html root file using include after going up one file directory out of public_html

问题描述

根据一些特别有用的提示，我使用以下代码在我的根目录之外包含 PHP 文件，它们看起来类似于：

Based on some exceptionally helpful tips, I am using the following code to include PHP files outside my root directory which looks similar to this:

define('WEB_ROOT', __DIR__);
define('APP_ROOT', dirname(__DIR__));
define('PHP_ROOT', APP_ROOT . DIRECTORY_SEPARATOR . 'application');


include(PHP_ROOT . DIRECTORY_SEPARATOR . 'bootstrap.php');

我的问题是，例如，您可以包含代码 bootstrap。 php 按照你上面的内容。

My question is this, lets say for example you include the code bootstrap.php as per what you have above.

如果那个 PHP 文件引导然后怎么办？有自己的代码行，在public_html根文件夹中包含一个文件BACK ....如何编写一个代码？我这样做有些困难，我的目标是我不想在代码中填写实际的文字目录，我想避免文件遍历攻击

What if that PHP file bootstrap then had its own line of code the included a file BACK in the public_html root folder.... how would one code that? I am having some difficulty doing this, my objective here is that I dont want to put actual literal directories in full in the code and I want to avoid file traversal attacks

推荐答案

考虑这个项目结构：

/path/to/projectroot/index.php
                     header.php
                     include/inc.php

如果index.php

If index.php had

include('include/inc.php');

和inc.php

include('header.php');

你会收到错误，因为inc.php中的行会找

You'd get that error since the line in inc.php would be looking for

/path/to/projectroot/include/header.php  (doesn't exist)

不

/path/to/projectroot/header.php (does exist)

有几种方法可以解决这个问题。

There are a few ways people resolve this.

1：绝对路径

第一个也是最直接的是使用绝对路径。

The first, and most straightforward is to use absolute paths.

如果index.php有

If index.php had

include('include/inc.php');

和inc.php

include('/path/to/projectroot/header.php');

这样可行。

2：带定义的绝对路径

类似于＃1，如果index.php

Similar to #1, if index.php had

define('PROJECT_ROOT', '/path/to/projectroot/');
include(PROJECT_ROOT.'include/inc.php');

和inc.php

include(PROJECT_ROOT.'header.php');

这样可行。

更新：如 pichan 的评论中所述，您可以使用其中一个magic常量在index.php中，所以：

Update: As noted in the comments by pichan, you could use one of the "magic" constants here in index.php, so:

index.php

index.php

define('PROJECT_ROOT', __DIR__.'/');
include(PROJECT_ROOT.'include/inc.php');

和inc.php

include(PROJECT_ROOT.'header.php');

注意我们在 __ DIR __ 中添加一个尾部斜杠从这里开始：

Note we add a trailing slash to __DIR__ here since:

此目录名称没有尾部斜杠，除非它是根目录。

This directory name does not have a trailing slash unless it is the root directory.

3：包括两者并隐藏错误

如果inc.php有

@include('header.php');    # Try this directory
@include('../header.php'); # Try parent directory

这样可行。[1]

4：除非另有说明，否则假设当前目录

如果index.php

If index.php had

$rel_prefix_to_root = '../';
include('include/inc.php');

和inc.php

if(!isset($rel_path_to_root)){ $rel_path_to_root = ''; }
include($rel_path_to_root . 'header.php');

这样可行。

我对这些方法的看法

1和2基本相同，但是2对于大型项目来说更容易一点，因为它允许你制作一个不变的定义并在整个网站范围内使用它。它还允许您在多个服务器上部署项目（放置在多个路径中），并且只需要在项目范围内更改一行，而不是在选项1的每个文件中更改一行。

1 and 2 are basically the same, but 2 is a little bit easier and more common for big projects since it allows you to make one constant definition and use it site-wide. It also allows you to deploy the project on multiple servers (placed in multiple paths) and only requires changing one line project-wide, as opposed to one line in each file for option 1.

3太可怕了，不要这样做。有时你会看到它，你甚至可以在网上的教程中看到它。不要这样做。

3 is terrible, don't do it. Sometimes you'll see it, you might even see it in tutorials online. Don't do it.

4应该避免使用1或2.但如果你有一些复杂的包含，这种方法可能是必要的。

4 should probably be avoided in favor of 1 or 2. But this approach might be necessary if you have some complex set of includes.

一些注释：

[1]这是一个糟糕的主意。它有效，但不要这样做。

[1] This is a terrible idea. It works, but don't do it.

这篇关于如何从public_html中找到一个文件目录后使用include返回public_html根文件的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！