开发者

File can be executed only using includes

I would like to know if this it's fine.

I need to block web access to file and make it only avaible from other php (ie: include)

if(strstr($_SERVER['PHP_SELF'], "filename.php")){
      header('Location: http://www.website.net');
开发者_Go百科}  

thanks in advance


The most common way is to define a constant in a parent script

define('BLA', true);

and check in your script if it exists:

if (!defined('BLA')) {
    // redirect here
}


This is fine, but you can make it a little more generic by using this instead of manually entering the filename. $_SERVER["SCRIPT_NAME"] will return the name of the file. This way, if you rename or copy the file, it's still protected.

You can also set file permissions to make the file inaccessible, and put it outside of the siteroot for good measure.

@zerkms also has an interesting suggestion.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜