{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 Juvenile、少年° 的问题《PHP include/require without passing variables》','https://www.manongdao.com/q-440045.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
Is it possible to include something in PHP without passing the variables that were passed to the original script?
I am using Joomla, and I am getting the error documented here ("Illegal Variables ..."). The php script is an AJAX script that sends data back to the browser, so this script takes a lot of POST variables, does a database query, then echos the result. I am trying to tighten up security, so I put an include in this script to authenticate the user with the built it Joomla modules. I got the idea from here for the user authentication script.
The authentication script works for some pages, but with others I get the error mentioned above. So I want to include the authentication script without passing any variables to it. Is this possible?
EDIT: Here is a little more detail.
In the ajax script I have this:
<?php
include '/var/www/joomla-auth.php';
...
below here is the script, basically the "joomla-auth.php" included script takes care of getting the username and password for a mysql query. Contents of joomla-auth:
<?php
define( '_JEXEC', 1 );
define('JPATH_BASE', dirname(__FILE__));
define( 'DS', DIRECTORY_SEPARATOR );
require_once ( JPATH_BASE .DS.'includes'.DS.'defines.php' );
require_once ( JPATH_BASE .DS.'includes'.DS.'framework.php' );
/* Create the Application */
$mainframe =& JFactory::getApplication('site');
/* Make sure we are logged in at all. */
if (JFactory::getUser()->id == 0)
die("Access denied: login required.");
$user =& JFactory::getUser();
I am pretty sure it is the define or require lines that is throwing the error:
Illegal variable _files or _env or _get or _post or _cookie or _server or _session or globals passed to script.
As documented in the first link above.
EDIT 2:
The 'joomla-auth.php' script makes $username and $password variables which are then used in the AJAX script. I tried this at the top of the AJAX script:
function get_creds(){
include '/var/www/joomla-auth.php';
return Array($username,$password);
}
$creds = get_creds();
$username = $creds[0];
$password = $creds[1];
....
But still the $_POST variables are being passed to /var/www/joomla-auth.php :-(
Namespaces may be useful for solving your problem in a not-so-hackish way.
Wrap the include in another function to create an (almost) empty scope
function foo($path){ include($path); }edit: If you do need to pass some variables, you can pass them as an array in the second argument and extract() it in the function:
function foo($path, array $vars=array()) { extract($vars); include($path); }This is similar to what was done in Kohana's view engine for a similar purpose ( in View::capture()). You might want to see how they've implemented it and how they're.using it.
Joomla throws this error if you're passing it one of the vars mentioned in your error to the url (or via mod_rewrite):
_files or _env or _get or _post or _cookie or _server or _session
Besides, I think the same error is thrown if you're passing a whole numeric variable, such as:
http://yoursite.com/?123456=abc
Just make sure you're not passing any of these vars in the url. If you can't find the problem, try to check what's in the request before the error is thrown.
I hope it helped!