在 CSS 文件中嵌入指向 PHP 程序的链接是否安全?
[英]Is embedding a link to a PHP program in a CSS file safe?
问题描述
While working on a website I inherited, I was trying to find a background image loaded by the page because it's not stored in the media manager or in the theme's image directory.
在我继承的网站上工作时,我试图找到页面加载的背景图像,因为它没有存储在媒体管理器或主题的图像目录中。 When I used Chrome's browser inspector to try and download the image, Chrome downloaded a PHP program instead.当我使用 Chrome 的浏览器检查器尝试下载图像时,Chrome 下载了一个 PHP 程序。 So, I took a closer look at the CSS file I was inspecting, and found this:所以,我仔细查看了我正在检查的 CSS 文件,发现了这个:
section#headerimg{height:600px;position:relative;z-index:-1;background:url(../images/headers/rotate.php) no-repeat 0 0;background-size:cover;/* Article
Being that this makes it easy to download the PHP source file that calls the image to be displayed rather than the output (the background image), is this a safe thing to do in a CSS file?由于这样可以轻松下载调用要显示的图像而不是输出(背景图像)的 PHP 源文件,在 CSS 文件中这样做是否安全? Is it even valid CSS?它甚至是有效的 CSS 吗? Note that this is not a PHP file that generates the CSS file, it's a static CSS file.请注意,这不是生成 CSS 文件的 PHP 文件,而是静态 CSS 文件。
1 个解决方案
解决方案1
0 2016-09-14 16:45:39
chris85 is correct. chris85 是正确的。 It turns out my client's hosting provider did not have the permissions set right on my client's account.事实证明,我客户的托管服务提供商没有在我客户的帐户上设置正确的权限。 I contacted the hosting provider and they corrected the issue.我联系了托管服务提供商,他们纠正了这个问题。 Now the referenced PHP file executes as it should.现在引用的 PHP 文件按原样执行。 Thank you for your help.感谢您的帮助。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.