Javascript 在服务器配置中通过 allow_url_include=0 禁用包装器
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/6887338/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Wrapper is disabled in the server configuration by allow_url_include=0
提问by Anonymous
I am trying to retrieve page contents with an AJAXcall. I have a series of links within a page wrapper. When I click on a link, it loads a JavaScript function that retrieves page contents from a phpscript. In this case I am developing on my localhost, but in production the script will be within the same root folder and domain as the file that does the AJAXcall. I am using the response as the content for a div. The content isn't purely PHP, and by that I mean while it is generated by php it has HTMLelements like divs and spans. It's basically the stuff that is going between the opening and closing body tags. Because of this, I'm not sure I can just use json_encode.
我正在尝试通过AJAX呼叫检索页面内容。我在页面包装器中有一系列链接。当我单击一个链接时,它会加载一个 JavaScript 函数,该函数从php脚本中检索页面内容。在这种情况下,我正在开发我的localhost,但在生产中,脚本将与执行AJAX调用的文件位于相同的根文件夹和域中。我使用响应作为div. 内容不是纯粹的PHP,我的意思是,虽然它是由 php 生成的,但它具有HTML诸如divs 和 span 之类的元素。它基本上是介于开始和结束正文标签之间的东西。因此,我不确定我是否可以只使用json_encode.
Instead of the content loading in the div, I get the following error:
div我收到以下错误,而不是在 中加载内容:
Warning: require_once() [function.require-once]: http:// wrapper is disabled in the server configuration by allow_url_include=0
警告:require_once() [function.require-once]:http:// 包装器在服务器配置中被 allow_url_include=0 禁用
After reading up on allow_url_includeit seems that this is usually disabled by default. I'm assuming that this feature allows for some serious site attacks. Is that the case. If so, how can I retrieve the content from another file?
阅读后allow_url_include似乎默认情况下通常禁用此功能。我假设此功能允许一些严重的站点攻击。是这样吗。如果是这样,我如何从另一个文件中检索内容?
I tried using the JQueryload function:
我尝试使用JQuery加载功能:
$('#content').load('pages/test_page.php');
but with the exact same results.
但结果完全相同。
This is driving me nuts! TIA.
这让我发疯!TIA。
EDIT:I think I may have found the problem; the phpfile that the AJAXis retrieving content from is using require_once. The file that it is requiring is on the same server within the same root folder, but it was one directory up. HOWEVER, that creates a new problem: I'm getting the content, but not fully. For example, in the file I have this:
编辑:我想我可能已经发现了问题;从中检索内容的php文件AJAX正在使用require_once. 它需要的文件在同一根文件夹中的同一台服务器上,但它是一个目录。但是,这产生了一个新问题:我正在获取内容,但未完全获取。例如,在文件中我有这个:
Title: <?php echo $details['title']; ?>
I am only getting the first letter, and this holds true for other phpcontent that I echo.
我只收到第一个字母,这适用于phpI 的其他内容echo。
回答by Martin Tournoij
allow_url_includeonly affects include()and require(), you can still use the PEAR HTTP_Request2module or the curlfunctions to fetch webpages.
allow_url_include仅影响include()和require(),您仍然可以使用 PEARHTTP_Request2模块或curl函数来获取网页。
Using include()for remote webpages is considered to be a "bad practice", and may pose a security risk. For example, if you use include($var);and some attacker manages to replace $var with http://hacksite.tldhe/she can "inject" code ...
使用include()远程网页被认为是一个“不好的做法”,并可能带来安全风险。例如,如果您使用include($var);并且某些攻击者设法将 $var 替换为http://hacksite.tld他/她可以“注入”代码......
回答by user2187946
No worries, just use file_get_contents()then write a new file in your documents with the contents you have retrieved, then includethe file in your file. the file you included now is ready for any change you want, using css,javascript, etc.. this is basically what a wrapper does.
不用担心,只需使用file_get_contents()然后在您的文档中写入一个新文件,其中包含您检索到的内容,然后include是您文件中的文件。你现在包含在文件准备好你想要的任何变化,使用css,javascript等等。这基本上是一个包装做什么。
回答by Richie
that is because you are using a full url. try the following instead:
那是因为您使用的是完整网址。请尝试以下操作:
$('#content').load('test_page.php');
