PHP—“Defined or Exit” at the beginning of many files?

I have been inspecting some PHP source code and I more often than not find files starting with

defined('__someconstant__') or exit();

I know that this prevents the file from being accessed directly if a previous file defining __someconstant__, but then I wonder if this is really necessary... Isn't there (even non-PHP based) a cleaner way of doing it without introducing this extra code in every file?

To avoid those (useless) lines at the top of (nearly) each file, you could:

  • Store a public "controller" file (like index.php) in a directory called web or public to which your web server's alias or virtual host points

  • Store in other directories like lib, config, apps... all the files that should not be directly accessed through the webserver by simply typing a URL.

This is typically the structure of existing frameworks such as Symfony 1.x

Additionally you can (and certainly will, for URL rewrites) put a .htaccess file, but a server misconfiguration can incidentally disable it, so keeping source files in distinct directories is IMO better.

Isn't there (even non-PHP based) a cleaner way of doing it without introducing this extra code in every file?

Presence of such snippets indicates bad code structuring, namely code automatically executing in global scope. You shouldn't have this or exit(); code in pure function/class includes. It would be redundant there.

Code that does perform potentially dangerous actions should not be web-accessible in the first place. The or exit; approach is a workaround. It should always be accompanied by a FilesMatch and Deny from All in a .htaccess file however. Best set the whole include directory inaccessible.
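
The .htaccess rules the answer above refers to, written out as an added example (not part of the original answer). It covers both the Apache 2.2 "Deny from All" syntax and the Apache 2.4 equivalent; the directory name lib/ and the *.inc.php naming pattern are assumptions made for illustration.

```apache
# ---- File 1: lib/.htaccess ------------------------------------------
# (lib/ is an assumed name for the include directory)
# Refuse every HTTP request for files in this directory. PHP can still
# include/require them, because that goes through the filesystem and
# not through the web server.

<IfModule mod_authz_core.c>
    # Apache 2.4 and later
    Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
    # Apache 2.2
    Order allow,deny
    Deny from all
</IfModule>

# ---- File 2: .htaccess in the web root --------------------------------
# Use this variant when include files cannot be moved and sit next to
# public scripts. The *.inc.php suffix is an assumed naming convention;
# only files matching it are blocked, so index.php stays reachable.

<FilesMatch "\.inc\.php$">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>
```

These files are only honored when the server's AllowOverride setting permits the directives (AuthConfig for Require, Limit for Order and Deny); with AllowOverride None they are ignored and the include files are served or executed as before. A request for a blocked file should return 403, which is worth checking after every server or virtual host change.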

Adding to @NullUserException's answer...

Yes there are other ways of preventing a file from being accessed directly (.htaccess being one), but for software that is shared with a wide audience, you can't really rely on those technologies being there. You can rely on a simple condition at the top of the files though.
