nigelmas

I'm running php 5.2.5 with these settings in a virtualhost block in apache
2.0.61:

php_admin_flag safe_mode on
php_admin_value include_path "/afs/msu.edu/.../web"
php_admin_value safe_mode_include_dir "/afs/msu.edu/.../web"

I've got an index.php file in web/support/ that does a
require_once("../includes/support.php");

Being in afs with write access from multiple people, the uids of the files
do not match and I get an error stating that. So I put the
safe_mode_include_dir line above in but it did not fix the problem until I
used the absolute path in the require_once line.

Is there a way to include files with relative paths?

--
Tony

nigelmas

I'm running php 5.2.5 with these settings in a virtualhost block in
apache 2.0.61:
php_admin_flag safe_mode on
php_admin_value include_path "/afs/msu.edu/.../web"
php_admin_value safe_mode_include_dir "/afs/msu.edu/.../web"
I've got an index.php file in web/support/ that does a
require_once("../includes/support.php");
Being in afs with write access from multiple people, the uids of the
files do not match and I get an error stating that. So I put the
safe_mode_include_dir line above in but it did not fix the problem
until I used the absolute path in the require_once line.
Is there a way to include files with relative paths?

--
Tony

parasane

Tony,

Calm down. It may take us 21 minutes to respond sometimes, but we
will. No need to repost. ;-P


Is there a specific reason you're using require_once() instead of
include_once() ? There actually is a difference.... include() and
include_once() will only include the file if that line of code is
executed, whereas require() and require_once() will include the file
even if the line is inside of an if() {} block for which the
condition(s) are never matched.


Of course there is. For example, say you're in a laterally-equal
directory as one from which you want to include a file.
<? include('../otherdir/file.php'); ?>

As long as you have permissions to read the files, you're good to
go. My guess is that you may have done the relative linking
improperly. Is the file actually `web/includes/support.php` called
from `web/index.php`?

The other thing I would suggest is making sure your target include
directory is a real directory and not a symlinked directory.

--
Daniel P. Brown
[Phone Numbers Go Here!]
[They're Hidden From View!]

If at first you don't succeed, stick to what you know best so that you
can make enough money to pay someone else to do it for you.

nigelmas

Sorry about the double posting. I thought I sent the first email
before I was subscribed.

I definitely should've pointed out that the code works with safe_mode
off so I know the paths are correct.

I'm actually not the author of the code. I'm a sys admin trying to
upgrade the site with safe_mode on.

The target directory is a real world readable directory.

agrobinet

Hi Tony,

Please keep in mind that the use of

php_admin_value include_path "/afs/msu.edu/.../web"

....will prevent a user from changing the include_path because of the "admin"
part (this is ok for the safe mode include dir, but not for the include_path
setting I think). So, I'd say you keep the safe_mode_include_dir, and change
the include path to:

php_value include_path "/afs/msu.edu/.../web"

Also, it is likely that while using relative paths you run into problems
because the "current directory" can be anything except the expected one, so
I'd rather use absolute paths (if it's my own code) or fix it using
..htaccess files (this is your case as you are a sysadmin) like this:

php_value include_path "/one/path;/another/path;./"

.... but for that to work you must not use php_admin_value in the virtualhost
config (notice that this is not related to safe mode security, if safe_mode
is well configured, it doesn't mind what you are using as include_dir).

If anyone has more ideas... please throw them (and fix my errors).

Rob


Andrés Robinet | Lead Developer | BESTPLACE CORPORATION
5100 Bayview Drive 206, Royal Lauderdale Landings, Fort Lauderdale, FL 33308
| TEL 954-607-4207 | FAX 954-337-2695
Email: info@bestplace.net | MSN Chat: best@bestplace.net | SKYPE:
bestplace | Web: http://www.bestplace.biz | Web: http://www.seo-diy.com

news.nospam.0ixbtqke

Is that still the case?
<http://se2.php.net/manual/en/function.require.php>:

"require() and include() are identical in every way except
how they handle failure."

"Note: Prior to PHP 4.0.2, the following applies: require()
will always attempt to read the target file, even if the
line it's on never executes."


/Nisse

parasane

D'oh!

This is why it's a good idea to check the manual every so often,
just to re-read things. :-\

--
Daniel P. Brown
[Phone Numbers Go Here!]
[They're Hidden From View!]

If at first you don't succeed, stick to what you know best so that you
can make enough money to pay someone else to do it for you.

nigelmas

No luck with these solutions. What does work is:

require_once(dirname(__FILE__) . '/../php/support.php');

but I still don't understand why the relative link doesn't work.

agrobinet

Hi Tony,

dirname(__FILE__) will always give you the script's directory, while
dirname(dirname(__FILE__)) would be equivalent to dirname(__FILE__).'/..'
which is what you are doing now.

Using relative paths is not a good idea, but if you have other people's code
to deal with, you'd better off creating an .htaccess file or editing the
virtualhost configuration than checking file by file for relative paths and
converting them to absolute paths (even with linux tools like sed or awk...
there's no warranty you'll do it right).

AFAIK, when you use relative paths, there are three things to take into
account:

1 - The script that's handling the request (the one that gets called first
and loads every other script). I think this can be queried through
$_SERVER['PHP_SELF'].
2 - The value for the PHP include path which you can obtain using
get_include_path().
3 - The current directory which you can obtain using getcwd(). Usually this
is the directory of the script that got called at first (but this is not
always the case).

However...this is a quote from my offline version of the extended PHP
manual...

"Files for including are first looked for in each include_path entry
relative to the current working directory, and then in the directory of
current script. E.g. if your include_path is libraries, current working
directory is /www/, you included include/a.php and there is include "b.php"
in that file, b.php is first looked in /www/libraries/ and then in
/www/include/. If filename begins with ./ or ../, it is looked only in the
current working directory."

So... provided that you are using "./script.php" and/or "../script.php"
what's the value for the current directory before you throw the
"require_once"? can you do an "echo getcwd()" in the line above the
"require_once" for testing purposes? Is that what you expect?

Also, keep in mind that for the safe_mode_include_dir directive to work
properly for relative paths, you must also add the shared path to the
include_path directive. Another quote of my offline PHP manual...

"safe_mode_include_dir string
UID/GID checks are bypassed when including files from this directory and its
subdirectories (directory must also be in include_path or full path must
including).

As of PHP 4.2.0, this directive can take a colon (semi-colon on Windows)
separated path in a fashion similar to the include_path directive, rather
than just a single directory.

The restriction specified is actually a prefix, not a directory name. This
means that "safe_mode_include_dir = /dir/incl" also allows access to
"/dir/include" and "/dir/incls" if they exist. When you want to restrict
access to only the specified directory, end with a slash. For example:
"safe_mode_include_dir = /dir/incl/"

If the value of this directive is empty, no files with different UID/GID can
be included in PHP 4.2.3 and as of PHP 4.3.3. In earlier versions, all files
could be included."

Anyway... for the sake of simplicity you can live with adding
dirname(__FILE__) everywhere for now.... but you'll see how bad it will be
if you have to modify one thousand scripts in this way, with variations such
as require/include, once/not-once, parenthesized/not-parenthesized. And you
will risk breaking legitimate scripts.

So... for the future, think about it.

Rob


Andrés Robinet | Lead Developer | BESTPLACE CORPORATION
5100 Bayview Drive 206, Royal Lauderdale Landings, Fort Lauderdale, FL 33308
| TEL 954-607-4207 | FAX 954-337-2695
Email: info@bestplace.net | MSN Chat: best@bestplace.net | SKYPE:
bestplace | Web: http://www.bestplace.biz | Web: http://www.seo-diy.com

ceo

The manual is correct.

The only real difference these days is that require issues an E_ERROR
(which halts processing) and include issues an E_WARNING (which lets
your script continue)

In olden times, the differences were bigger and more subtle, such as
order of compilation etc. Few folks grokked it, and even fewer (like,
none) needed it, so it got simplified.

--
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/from/lynch
Yeah, I get a buck. So?