rix
Reputation: 10642
Php.ini include_path and ssi
I have an ssi directory outside of my website webroot (var/www/shared/ssi)
I would like all differnet virtual hosts on the server to be able to access files in this directory so I added the path to include_path in php.ini
Now I can simply do the following to load ssi files in this directory.
<?php include 'header.htm'; ?>
My question is - is this good practice? And should I be aware of any security implications of doing this?
Thanks
Upvotes: 0
Views: 324
Answers (1)
Pekka
Reputation: 449783
The command
<?php include 'header.htm'; ?>
will execute any PHP code inside header.htm. If you can't fully trust its contents, it's not a good idea. In that case, do
<?php readfile("header.htm"); ?>
this will read the file, not execute any PHP code in it, and output it.
Upvotes: 3
Related Questions
- php.ini include_path
- How to change include_path in php.ini file?
- include_path is not updated as specified in php.ini
- ini_set include_path not working
- Setting include_path in a shared php.ini file
- Why isn't PHP.ini include_path working correctly for me here?
- What to do after setting include path in php.ini?
- php.ini path inside code
- Confused about include_path in php.ini
- What can change the include_path between php.ini and a PHP file