如何从public_html中找到一个文件目录后使用include返回public_html根文件 [英] How to refer back to public_html root file using include after going up one file directory out of public_html
问题描述
根据一些特别有用的提示,我使用以下代码在我的根目录之外包含 PHP
文件,它们看起来类似于:
Based on some exceptionally helpful tips, I am using the following code to include PHP
files outside my root directory which looks similar to this:
define('WEB_ROOT', __DIR__);
define('APP_ROOT', dirname(__DIR__));
define('PHP_ROOT', APP_ROOT . DIRECTORY_SEPARATOR . 'application');
include(PHP_ROOT . DIRECTORY_SEPARATOR . 'bootstrap.php');
我的问题是,例如,您可以包含代码 bootstrap。 php
按照你上面的内容。
My question is this, lets say for example you include the code bootstrap.php
as per what you have above.
如果那个 PHP
文件引导然后怎么办?有自己的代码行,在public_html根文件夹中包含一个文件BACK ....如何编写一个代码?我这样做有些困难,我的目标是我不想在代码中填写实际的文字目录,我想避免文件遍历攻击
What if that PHP
file bootstrap then had its own line of code the included a file BACK in the public_html root folder.... how would one code that? I am having some difficulty doing this, my objective here is that I dont want to put actual literal directories in full in the code and I want to avoid file traversal attacks
推荐答案
考虑这个项目结构:
/path/to/projectroot/index.php
header.php
include/inc.php
如果index.php
If index.php had
include('include/inc.php');
和inc.php
include('header.php');
你会收到错误,因为inc.php中的行会找
You'd get that error since the line in inc.php would be looking for
/path/to/projectroot/include/header.php (doesn't exist)
不
/path/to/projectroot/header.php (does exist)
有几种方法可以解决这个问题。
There are a few ways people resolve this.
1:绝对路径
第一个也是最直接的是使用绝对路径。
The first, and most straightforward is to use absolute paths.
如果index.php有
If index.php had
include('include/inc.php');
和inc.php
include('/path/to/projectroot/header.php');
这样可行。
2:带定义的绝对路径
类似于#1,如果index.php
Similar to #1, if index.php had
define('PROJECT_ROOT', '/path/to/projectroot/');
include(PROJECT_ROOT.'include/inc.php');
和inc.php
include(PROJECT_ROOT.'header.php');
这样可行。
更新:如 pichan 的评论中所述,您可以使用其中一个magic常量在index.php中,所以:
Update: As noted in the comments by pichan, you could use one of the "magic" constants here in index.php, so:
index.php
index.php
define('PROJECT_ROOT', __DIR__.'/');
include(PROJECT_ROOT.'include/inc.php');
和inc.php
include(PROJECT_ROOT.'header.php');
注意我们在 __ DIR __
中添加一个尾部斜杠从这里开始:
Note we add a trailing slash to __DIR__
here since:
此目录名称没有尾部斜杠,除非它是根目录。
This directory name does not have a trailing slash unless it is the root directory.
3:包括两者并隐藏错误
如果inc.php有
@include('header.php'); # Try this directory
@include('../header.php'); # Try parent directory
这样可行。[1]
4:除非另有说明,否则假设当前目录
如果index.php
If index.php had
$rel_prefix_to_root = '../';
include('include/inc.php');
和inc.php
if(!isset($rel_path_to_root)){ $rel_path_to_root = ''; }
include($rel_path_to_root . 'header.php');
这样可行。
我对这些方法的看法
1和2基本相同,但是2对于大型项目来说更容易一点,因为它允许你制作一个不变的定义并在整个网站范围内使用它。它还允许您在多个服务器上部署项目(放置在多个路径中),并且只需要在项目范围内更改一行,而不是在选项1的每个文件中更改一行。
1 and 2 are basically the same, but 2 is a little bit easier and more common for big projects since it allows you to make one constant definition and use it site-wide. It also allows you to deploy the project on multiple servers (placed in multiple paths) and only requires changing one line project-wide, as opposed to one line in each file for option 1.
3太可怕了,不要这样做。有时你会看到它,你甚至可以在网上的教程中看到它。不要这样做。
3 is terrible, don't do it. Sometimes you'll see it, you might even see it in tutorials online. Don't do it.
4应该避免使用1或2.但如果你有一些复杂的包含,这种方法可能是必要的。
4 should probably be avoided in favor of 1 or 2. But this approach might be necessary if you have some complex set of includes.
一些注释:
[1]这是一个糟糕的主意。它有效,但不要这样做。
[1] This is a terrible idea. It works, but don't do it.
这篇关于如何从public_html中找到一个文件目录后使用include返回public_html根文件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!