php 使用 include 时不能直接访问脚本
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/18384500/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
No direct script access when using include
提问by Doug Fir
I have a PHP powered CMS website. I'd like to include database.phpin a PHP script. database.php is in the config folder and has the db connections details (pass, db_name etc).
我有一个 PHP 驱动的 CMS 网站。我想包含database.php在一个 PHP 脚本中。database.php 位于 config 文件夹中,包含数据库连接详细信息(pass、db_name 等)。
Here is the script:
这是脚本:
<?php
echo __DIR__ ."<br /><br />";
//make sure your assumptions on directories and path are correct for the
//include below
include '../application/config/database.php';
?>
Running the script, I get this message:
运行脚本,我收到此消息:
/Applications/XAMPP/xamppfiles/htdocs/tslocal/textbook_scripts
No direct script access.
/Applications/XAMPP/xamppfiles/htdocs/tslocal/textbook_scripts
没有直接的脚本访问。
On the first line of database.phpis this line:
在第一行database.php是这一行:
<?php defined('SYSPATH') or die('No direct script access.');
I'm guessing that the CMS has somehow "protected" the config file which is preventing me from including it. What is "No direct script access"? Google gives me lots of examples of people seeking to add this functionality. I wish to remove it. Possible? Likely? How do I tell PHP to let me access database.php?
我猜 CMS 以某种方式“保护”了阻止我包含它的配置文件。什么是“无直接脚本访问”?Google 为我提供了许多寻求添加此功能的人的示例。我想删除它。可能的?可能吗?我如何告诉 PHP 让我访问 database.php?
回答by Jeff Lambert
The basic way for going about this is somewhere in the application (prior to the loading of database.php) there is a line something along the lines of:
解决这个问题的基本方法是在应用程序的某个地方(在加载 database.php 之前)有一条线:
define( 'APPLICATION_LOADED', true );
In the database.php there is a check being performed against this, similar to:
在 database.php 中,对此进行了检查,类似于:
if( !defined('APPLICATION_LOADED') || !APPLICATION_LOADED ) {
die( 'No direct script access.' );
}
Look in database.php and whatever files it includes to determine how it is checking to see if the script is being directly accessed or not. Then you can mimic the conditions necessary if you would like to include that file in your script.
查看 database.php 及其包含的任何文件,以确定它如何检查脚本是否被直接访问。然后,如果您想在脚本中包含该文件,您可以模拟必要的条件。
回答by Eric Leschinski
I got this PHP error from Codeigniter's Email.php class called CI_Email:
我从 Codeigniter 的名为 CI_Email 的 Email.php 类中得到了这个 PHP 错误:
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
class CI_Email {
var $smtp_default_from = '';
var $smtp_default_name = '';
var $useragent = "CodeIgniter";
var $mailpath = "/usr/sbin/sendmail";
//more code omitted
}
What I did was try to include this class directly like this:
我所做的是尝试像这样直接包含这个类:
<?php
include("Email.php");
?>
And when I run it, it says:
当我运行它时,它说:
No direct script access.
The PHP method "defined"checks whether the given constant exists and is defined.
PHP方法“已定义”检查给定的常量是否存在并已定义。
So for my particular class it says that BASEPATH must be defined. So if you define it like this:
所以对于我的特定类,它说必须定义 BASEPATH。所以如果你这样定义它:
<?php
define('BASEPATH', "foobar");
include("Email.php");
?>
Then the error is no longer thrown. But then we have to wonder why the developers put in this particular restriction and what will happen if we bypass it.
然后不再抛出错误。但是我们不得不想知道为什么开发人员会设置这个特殊限制,如果我们绕过它会发生什么。
