Re: Do people still use the .inc extension?
- From: Jerry Stuckle <jstucklex@xxxxxxxxxxxxx>
- Date: Mon, 03 Mar 2008 05:19:43 -0500
Guillaume wrote:
Mason Barge a écrit :
Okay. I generally put a header.inc.php file below the webroot. It would actually be a major inconvenience not to do so.
To be safe, you can add some checks, I personnaly apply the one used in phpBB :
DEFINE('IN_MYSITE', true);
in the php pages.
if (!defined('IN_MYSITE')) {
die("Hacking attempt");
}
in the php includes.
This way no .inc.php can be executed, it dies immediately.
Which isn't required if you have the include files below webroot. It also isn't required if the include file contains only functions which are called from other code (which makes the include source-file independent, BTW).
I don't really follow your reasoning (not your fault). Is there a realistic chance of harm?
if your file does some code depending on a context, which context doesn't exist if you call that file directly, yes. Such code would be extremely weird to do I think, still some people may code that way.
Regards,
Actually, the execution of the code would be quite predictable, and, if properly coded, should fail anyway if a required variable, etc. is missing.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@xxxxxxxxxxxxx
==================
.
- References:
- Re: Do people still use the .inc extension?
- From: Mason Barge
- Re: Do people still use the .inc extension?
- From: Guillaume
- Re: Do people still use the .inc extension?
- Prev by Date: Re: Newb question
- Next by Date: Re: using php to accesss .htaccess protected directories
- Previous by thread: Re: Do people still use the .inc extension?
- Next by thread: eregi_replace problem
- Index(es):
Relevant Pages
|
