PHP 5.2.1 is a Remote Include Hater
Posted by Nessa | Posted in php | Posted on April 28, 2007
2
I found this out after troubleshooting a few sites a couple weeks ago. Unlike all other previous versions of PHP, with 5.2.1 you can no longer use a URL to include files, even if you have allow_url_fopen enabled in your php.ini.
Just a quickie about what an ‘include’ is, it’s a php function that lets you include the contents of a file into another. It usually takes the form of this:
include('page.php');
This is a local include, and is usually the preferred method. A remote include is that of a URL:
include('http://google.com');
Most people would agree that remote includes are a major security issue for novice coders who don’t have any kind of file validation in place to protect their scripts, but if you’re convinced that your code is down, you can add this line to your php.ini file to allow remote file includes:
allow_url_include On
Now, this directive did not exist until php 5.2.1 was released so Cpt. Obvious says that:
1) you cannot use it with versions prior to 5.2.1
2) You’ll need to add it to your php.ini, as you probably won’t find it in there already
3) allow_url_fopen has to be enabled
4) This has to be in the php.ini server-side, and not the .htaccess
If you’d like to know more about remote file inclusions (the bad kind), read my article.
No related posts.
[...] UPDATE: Since php 5.2.1, remote includes are no longer enabled without the php.ini directive for allow_url_include. Read Post [...]
Remote includes are a dangerous game anyway. I’d definitely recommend using cURL instead.
Here’s a replacement function:
function url_get_contents( $url )
{
$get = curl_init( $url );
curl_setopt($get, CURLOPT_RETURNTRANSFER, 1);
return curl_exec($blog_info_data);
}