Based on some exceptionally helpful tips, I am using the following code to include PHP files outside my root directory which looks similar to this:

    define('WEB_ROOT', __DIR__);
    define('APP_ROOT', dirname(__DIR__));
    define('PHP_ROOT', APP_ROOT . DIRECTORY_SEPARATOR . 'application');
    include(PHP_ROOT . DIRECTORY_SEPARATOR . 'bootstrap.php');

My question is this: let's say, for example, you include the code bootstrap.php as per what you have above. What if that PHP file bootstrap then had its own line of code that included a file BACK in the public_html root folder... how would one code that? I am having some difficulty doing this. My objective here is that I don't want to put actual literal directories in full in the code, and I want to avoid file traversal attacks.
To get the directory above public_html I use the following:

    $aboveRoot = explode('/public_html', $_SERVER['DOCUMENT_ROOT']);
    define('ABOVE_THE_ROOT', $aboveRoot[0]);

Consider this project structure:
If index.php had
and inc.php had
You'd get that error since the line in inc.php would be looking for
not
There are a few ways people resolve this.
1: Absolute paths
The first, and most straightforward is to use absolute paths.
If index.php had
and inc.php had
This would work.
2: Absolute paths with defines
Similar to #1, if index.php had
and inc.php had
This would work.
Update: As noted in the comments by pichan, you could use one of the "magic" constants here in index.php, so:
index.php
and inc.php
Note we add a trailing slash to __DIR__ here since:
3: Include both and hide errors
If inc.php had
This would work.[1]
4: Assume current directory unless otherwise specified
If index.php had
and inc.php had
This would work.
My take on these methods
1 and 2 are basically the same, but 2 is a little bit easier and more common for big projects since it allows you to make one constant definition and use it site-wide. It also allows you to deploy the project on multiple servers (placed in multiple paths) and only requires changing one line project-wide, as opposed to one line in each file for option 1.
3 is terrible, don't do it. Sometimes you'll see it, you might even see it in tutorials online. Don't do it.
4 should probably be avoided in favor of 1 or 2. But this approach might be necessary if you have some complex set of includes.
Some Notes:
[1] This is a terrible idea. It works, but don't do it.
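
The define-based approach combined with the traversal concern from the question, as an added example that is not part of the original posts: the root constants are defined once, and every include path is resolved with realpath() and checked against the directory it is supposed to stay in. The constant names come from the question; safe_include(), header.php, secret.php and the temporary directory layout are hypothetical and constructed for the demonstration.

```php
<?php
// Added example, not code from the original posts.
// safe_include() and the sample files below are hypothetical names.

/**
 * Include $relative only if it resolves to a regular file inside $baseDir.
 */
function safe_include(string $baseDir, string $relative)
{
    $base = realpath($baseDir);
    if ($base === false) {
        throw new RuntimeException("Base directory missing: $baseDir");
    }
    // realpath() collapses "../" segments and symlinks, and returns
    // false when the target does not exist.
    $target = realpath($base . DIRECTORY_SEPARATOR . $relative);
    // Compare against "base + separator" so /app/public_html_old
    // cannot pass as being inside /app/public_html.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($target === false
        || strncmp($target, $prefix, strlen($prefix)) !== 0
        || !is_file($target)) {
        throw new RuntimeException("Refusing to include: $relative");
    }
    return include $target;
}

// Constructed sample layout in a temp directory (stands in for the real site).
$app = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'app_' . uniqid();
mkdir("$app/public_html", 0700, true);
mkdir("$app/application", 0700, true);
file_put_contents("$app/public_html/header.php", "<?php return 'header loaded';");
file_put_contents("$app/application/secret.php", "<?php return 'secret';");

// On a real site index.php would use __DIR__ and dirname(__DIR__) here.
define('APP_ROOT', $app);
define('WEB_ROOT', APP_ROOT . DIRECTORY_SEPARATOR . 'public_html');
define('PHP_ROOT', APP_ROOT . DIRECTORY_SEPARATOR . 'application');

// What bootstrap.php (living in PHP_ROOT) does to reach back into public_html:
echo safe_include(WEB_ROOT, 'header.php'), PHP_EOL;

// A path that climbs out of WEB_ROOT is rejected, not included:
try {
    safe_include(WEB_ROOT, '../application/secret.php');
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```

Because the constants are defined once in the entry script, included files never need a literal full path, and the containment check matters only when part of the relative path comes from request data.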