Allow_url_include is there a way to allow includes from just one url

Question

allow_url_include is there a way to allow includes from just one Url. maybe with Htaccess or in the PHP?

Answer 1

No. To fetch the contents of a URL, use file_get_contents(). Then, to send the result back to the waiting browser, just use echo().

$contents = file_get_contents('http://www.example.com/');
echo( $contents );

The above will require that you set config allow_url_fopen=1 (which is already set by default).

---

If you were to use include, instead of the approach I've shown above, there would be one major difference: include also executes any PHP code it finds inside the fetched document. In general, this is a really dangerous thing to allow unless you know that you control 100% of the contents of the document being included.

That said: if you do want code that works exactly like include, you can do something like the following (which is safer because it only fetches a single URL, and it doesn't require you to enable allow_url_include).

$contents = file_get_contents('http://www.example.com/');
eval('?>'.$contents);

If you choose do this, be certain that you control the full contents of the remote URL. If someone else controls that file, they will be able to execute arbitrary code on your server. Don't let that happen.

Answer 2

Well why you need that, you have control over the code, you can just use one url in while including. Beside using allow_url_include is very dangerous. If you still want to use, you can do it this way.

Make a custom function (A rough code)

function url_include($url){
   //now check if $url is the one you want to be included
   if($url=="http://www.mysite.com/file.php"){
     include($url);
   }else{
      //show error or something.
   }
}

now use this url_include("http://www.mysite.com/file.php"); in your page to include url.

Hope this helps