Are there any drawbacks or security risks to set_include_path?

Posted on 2024-12-02 06:10:18

Ok, to start with - I am addicted to using a root relative link structure for everything. Include in php always makes that difficult for me, but I happened upon a line of code that lets me include root-relatively.

It's really simple:

set_include_path( get_include_path() . PATH_SEPARATOR . $_SERVER['DOCUMENT_ROOT'] );

That's from a comment in the PHP manual.

I have a pretty simple php site, but with many different subdirectories, and this makes it easy to use. Also - the company may be switching servers soon, and I am thinking this may ease the transition for many sites.

So is there a security risk here? I don't dynamically include files or remotely include them. Am I taking a performance hit by including this at the top of every PHP file? Or is it negligible?

Comments (2)

孤檠 2024-12-09 06:10:18

There is no security risk as long as you control what you put in the include_path.

There is, however, a performance hit if you have too many paths in your include_path (as PHP will have to try each path before finding the file).

梦年海沫深 2024-12-09 06:10:18

Given your code, the docroot is at the end of the include_path, so you'll only see a performance hit when an included file isn't found in the rest of the include_path (i.e. a missing file).
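
The search order both answers describe, as an added example that is not part of the original posts: it shows that an earlier include_path entry shadows a same-named file in the docroot, that an absolute path skips the search, and which entries the PHP process can write to. The temp directories, file names and the resolved() helper are constructed for the demonstration.

```php
<?php
// Constructed directories: $shared stands in for an include_path entry that
// precedes the docroot; $docroot stands in for $_SERVER['DOCUMENT_ROOT'].
$base    = sys_get_temp_dir() . '/incpath_demo_' . getmypid();
$shared  = "$base/shared";
$docroot = "$base/docroot";
mkdir($shared, 0700, true);
mkdir($docroot, 0700, true);

// The same relative name exists in both places; one file exists only in the docroot.
file_put_contents("$shared/config.php", "<?php return 'shared copy';");
file_put_contents("$docroot/config.php", "<?php return 'docroot copy';");
file_put_contents("$docroot/only_here.php", "<?php return 'docroot copy';");

// Same shape as the line in the question: the docroot is appended last.
set_include_path($shared . PATH_SEPARATOR . $docroot);

// Report which file a relative include of $name would load.
function resolved(string $name): string
{
    $path = stream_resolve_include_path($name);
    return $path === false ? '(not found)' : $path;
}

foreach (['config.php', 'only_here.php', 'missing_demo_file.php'] as $name) {
    printf("%-22s -> %s\n", $name, resolved($name));
}

// Entries are searched in order, so the earlier directory shadows the docroot.
$viaIncludePath = include 'config.php';
// An absolute path skips the include_path search entirely.
$viaAbsolute = include $docroot . '/config.php';
echo "relative include: $viaIncludePath\n";
echo "absolute include: $viaAbsolute\n";

// Check for "you control what is in include_path": flag entries the PHP
// process itself can write to (both are flagged here, the demo created them).
foreach (explode(PATH_SEPARATOR, get_include_path()) as $dir) {
    printf("%-8s %s\n", is_writable($dir) ? 'WRITABLE' : 'ok', $dir);
}

// Remove the constructed files and directories.
array_map('unlink', glob("$base/*/*.php"));
rmdir($shared);
rmdir($docroot);
rmdir($base);
```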
