Solved

php security allow_url_include: use cURL() instead?

Posted on 2012-03-31
2
796 Views
Last Modified: 2012-08-13
Hi,

I'm wondering how I would use the curl() in place of something of this code:

require_once('root.php');
require_once(ROOTFORM.'/classes/class.mysql.php');

Open in new window


where root.php is:
    define("ROOTCLASSES", "http://localhost/seokh/co_seokh/seokh/classes/form");
    define("ROOTFORM", "http://localhost/seokh/co_seokh/seokh/test/trunk/jquery/form

Open in new window

");

I receive this warning:
Warning: require_once(): http:// wrapper is disabled in the server configuration by allow_url_include=0 in /usr/local/apache/htdocs/seokh/co_seokh/seokh/test/trunk/jquery/form/saveName.php on line 3

This page says to use curl for remote file access:
http://phpsec.org/projects/phpsecinfo/tests/allow_url_include.html

Should I be using curl or something else instead of include() or require()? If so, could you give me some code samples of, perhaps, what you use?

Thank you,
Victor
0
Comment
Question by:Victor Kimura
2 Comments
 
LVL 10

Accepted Solution

by:
acbxyz earned 500 total points
Comment Utility
require_once needs a local path, nothing starting with http://

This can be either relative (like ./path/to/class.php) or absolute (/var/www/path/to/class.php). Keep in mind windows uses backslashes while linux normal ones. The preset constant DIRECTORY_SEPARATOR has always the right one.

define('DS', DIRECTORY_SEPARATOR);
define('ROOTFORM', '..' . DS . 'jquery' . DS . 'form' . DS);

require_once(ROOTFORM . 'classes' . DS . 'class.mysql.php');
0
 
LVL 108

Expert Comment

by:Ray Paseur
Comment Utility
I don't believe you need CURL at all.  Your script needs to include a local file, so HTTP is irrelevant.  The file is already on your server.  The real question is, "Where is your file relative to your script that needs it?"  It might be as simple as this:
require_once('/classes/class.mysql.php');

Open in new window

0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Time difference 10 33
Link SQL table to Webpage 9 35
Do we need servers??? 5 114
Creating Image Thumbnails Using PHP 3 14
Preface This is the third article about the EE Collaborative Login Project. A Better Website Login System (http://www.experts-exchange.com/A_2902.html) introduces the Login System and shows how to implement a login page. The EE Collaborative Logi…
Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
The viewer will receive an overview of the basics of CSS showing inline styles. In the head tags set up your style tags: (CODE) Reference the nav tag and set your properties.: (CODE) Set the reference for the UL element and styles for it to ensu…
The viewer will the learn the benefit of plain text editors and code an HTML5 based template for use in further tutorials.

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now