OT. Windows server paths and PHP includes

For many web sites hosted on Unix servers I use (happily) a
construction like this for includes:

?>

But this does not work on Windows servers. Does anyone know a
likely other candidate expression that will tell the server to go
to the level at which I have the site index file and look inside
a folder called 'includes'? No matter where it appears deep
inside the website directories?

It sort of spoils the point to be tailoring each path to where
the html file happens to be with "../"s (which, of course,
"works").

I know, I have wondered about this before and never really got
anywhere. Seem unable to have used any previous remarks to
advantage or have now forgotten them.

--
dorayme

Re: OT. Windows server paths and PHP includes

Gazing into my crystal ball I observed dorayme
writing in news:doraymeRidThis-
33C704.19215517062007@news-vip.optusnet.com.au:

> For many web sites hosted on Unix servers I use (happily) a
> construction like this for includes:
>
> > ?>
>
> But this does not work on Windows servers. Does anyone know a
> likely other candidate expression that will tell the server to go
> to the level at which I have the site index file and look inside
> a folder called 'includes'? No matter where it appears deep
> inside the website directories?
>
> It sort of spoils the point to be tailoring each path to where
> the html file happens to be with "../"s (which, of course,
> "works").
>
> I know, I have wondered about this before and never really got
> anywhere. Seem unable to have used any previous remarks to
> advantage or have now forgotten them.
>

It's a security issue, designed to keep attackers from getting to
sensitive files on the file system. In IIS6, parent paths are disabled by
default. The only way to get past it is to get the server admin to
change it.

--
Adrienne Boswell at Home
Arbpen Web Site Design Services
http://www.cavalcade-of-coding.info
Please respond to the group so others can share

Re: OT. Windows server paths and PHP includes

In article ,
Adrienne Boswell wrote:

> Gazing into my crystal ball I observed dorayme
> writing in news:doraymeRidThis-
> 33C704.19215517062007@news-vip.optusnet.com.au:
>
> > For many web sites hosted on Unix servers I use (happily) a
> > construction like this for includes:
> >
> > > > ?>
> >
> > But this does not work on Windows servers. Does anyone know a
> > likely other candidate expression that will tell the server to go
> > to the level at which I have the site index file and look inside
> > a folder called 'includes'? No matter where it appears deep
> > inside the website directories?
> >
> > It sort of spoils the point to be tailoring each path to where
> > the html file happens to be with "../"s (which, of course,
> > "works").
> >
> > I know, I have wondered about this before and never really got
> > anywhere. Seem unable to have used any previous remarks to
> > advantage or have now forgotten them.
> >
>
> It's a security issue, designed to keep attackers from getting to
> sensitive files on the file system. In IIS6, parent paths are disabled by
> default. The only way to get past it is to get the server admin to
> change it.

In fact, although it is a bit of a bore, I have started putting
in the actual paths to the includes into each file on sites I
have on Windows Servers, it is still worth it. At least then, if
I change the includes file, it all happens.

But I am curious. Is there a worrying security issue with the
"global" method of doing what I do on Unix servers? i.e.:

?>

?

The includes folder is just at the level of the main home page
file (index.html ... this is usually the public_html level,
yes?), no higher or more unreachable.

And supposing I did ask the Windows server people to enable me to
globally specify a folder at the public_html level, I am curious:
what expression would I then use to specify the path, the same as
with the Unix server expression above or something rather
different?

--
dorayme

Re: OT. Windows server paths and PHP includes

> dorayme wrote:
> news: doraymeRidThis-33C704.19215517062007@news-vip.optusnet.com.a u
[snip]
> But this does not work on Windows servers. Does anyone know a
> likely other candidate expression that will tell the server to go
> to the level at which I have the site index file and look inside
> a folder called 'includes'? No matter where it appears deep
> inside the website directories?
>
[snip]
Check and see if you have a include path set.

echo ini_get('include_path');
/* .;K:\PHP\PEAR-1.5.4\pear;J:\apache\include */
?>

The include path I use is J:\apache\include

I put include files in that folder and then use:


No matter where the php files are located it always includes my.file

With a little luck this may work for your Windows server

--
BootNic Sunday, June 17, 2007 9:04 PM

Assert your right to make a few mistakes. If people can't accept your
imperfections, that's their fault.
*Dr. David M. Burns*

Re: OT. Windows server paths and PHP includes

In article ,
"BootNic" wrote:

> > dorayme wrote:
> > news: doraymeRidThis-33C704.19215517062007@news-vip.optusnet.com.a u
> [snip]
> > But this does not work on Windows servers. Does anyone know a
> > likely other candidate expression that will tell the server to go
> > to the level at which I have the site index file and look inside
> > a folder called 'includes'? No matter where it appears deep
> > inside the website directories?
> >
> [snip]
> Check and see if you have a include path set.
>
> > echo ini_get('include_path');
> /* .;K:\PHP\PEAR-1.5.4\pear;J:\apache\include */
> ?>
>
> The include path I use is J:\apache\include
>
> I put include files in that folder and then use:
>
>
> No matter where the php files are located it always includes my.file
>
> With a little luck this may work for your Windows server

On this particular problem it is an external server, owned by a
big popular ISP and is host for a company site. Meaning it is not
under my direct control.

I put a test html page up, with your

echo ini_get('include_path');
?>

on it and got back:

..;e:\php

This a clue to fashioning a "global" path address? What now?

(I tried various things with this but I feel like a monkey on a
typewriter. I suppose I could ask the ISP administrators what
path would always work? But ever tried communicating with big
ISPs? In a way, it is not the end of the world as I can just
ensure the paths are tailored to where the html files concerned
are. Seems a little inelegant though!)

--
dorayme

Re: OT. Windows server paths and PHP includes

Gazing into my crystal ball I observed dorayme
writing in
news:doraymeRidThis-0800D5.08394318062007@news-vip.optusnet. com.au:

> In article ,
> Adrienne Boswell wrote:
>
>> Gazing into my crystal ball I observed dorayme
>> writing in news:doraymeRidThis-
>> 33C704.19215517062007@news-vip.optusnet.com.au:
>>
>> > For many web sites hosted on Unix servers I use (happily) a
>> > construction like this for includes:
>> >
>> > >> > ?>
>> >
>> > But this does not work on Windows servers. Does anyone know a
>> > likely other candidate expression that will tell the server to go
>> > to the level at which I have the site index file and look inside
>> > a folder called 'includes'? No matter where it appears deep
>> > inside the website directories?
>> >
>> > It sort of spoils the point to be tailoring each path to where
>> > the html file happens to be with "../"s (which, of course,
>> > "works").
>> >
>> > I know, I have wondered about this before and never really got
>> > anywhere. Seem unable to have used any previous remarks to
>> > advantage or have now forgotten them.
>> >
>>
>> It's a security issue, designed to keep attackers from getting to
>> sensitive files on the file system. In IIS6, parent paths are
>> disabled by default. The only way to get past it is to get the
>> server admin to change it.
>
> In fact, although it is a bit of a bore, I have started putting
> in the actual paths to the includes into each file on sites I
> have on Windows Servers, it is still worth it. At least then, if
> I change the includes file, it all happens.

Problem comes in when you have:

httpdocs
httpdocs/somefolder

and you want to go from somefolder to httpdocs. Windows has a fit.

>
> But I am curious. Is there a worrying security issue with the
> "global" method of doing what I do on Unix servers? i.e.:
>
> > ?>
>
> ?
>

Probably not, since that global method points to the folder where the site
is configured.

> The includes folder is just at the level of the main home page
> file (index.html ... this is usually the public_html level,
> yes?), no higher or more unreachable.
>

That's the way it's _supposed_ to work. Probably something like SQL
injection, if you can get the server to send a little information about
itself, you could get to other areas.

> And supposing I did ask the Windows server people to enable me to
> globally specify a folder at the public_html level, I am curious:
> what expression would I then use to specify the path, the same as
> with the Unix server expression above or something rather
> different?
>

Parent paths are enabled on a site by site basis. I would image your code
would be exactly the same thing.


--
Adrienne Boswell at Home
Arbpen Web Site Design Services
http://www.cavalcade-of-coding.info
Please respond to the group so others can share

Re: OT. Windows server paths and PHP includes

> dorayme wrote:
> news: doraymeRidThis-2D0C70.11411318062007@news-vip.optusnet.com.a u
> In article ,
> "BootNic" wrote:
[snip]
> I put a test html page up, with your
[snip]
> on it and got back:
>
> .;e:\php
>
> This a clue to fashioning a "global" path address? What now?
Looks like there is no include_path set that would be of any use to you.
[snip]
Try the following and let me know what happens.
ini_set('display_errors','On');
while(@ chdir ('.') or die ('Failed to open directory.')){
$tem=getcwd();
@ chdir ('..') or die ('Failed to open directory.');
if($tem==getcwd()){
break;
}
echo getcwd().'
';
}
?>

--
BootNic Monday, June 18, 2007 1:08 AM

Facts do not cease to exist because they are ignored.
*Aldous Huxley*

Re: OT. Windows server paths and PHP includes

In article <9sodi.928$iz5.806@newsread4.news.pas.earthlink.net>,
"BootNic" wrote:

> > dorayme wrote:
> > news: doraymeRidThis-2D0C70.11411318062007@news-vip.optusnet.com.a u
> > In article ,
> > "BootNic" wrote:
> [snip]
> > I put a test html page up, with your
> [snip]
> > on it and got back:
> >
> > .;e:\php
> >
> > This a clue to fashioning a "global" path address? What now?
> Looks like there is no include_path set that would be of any use to you.
> [snip]
> Try the following and let me know what happens.
> > ini_set('display_errors','On');
> while(@ chdir ('.') or die ('Failed to open directory.')){
> $tem=getcwd();
> @ chdir ('..') or die ('Failed to open directory.');
> if($tem==getcwd()){
> break;
> }
> echo getcwd().'
';
> }
> ?>

I got "Failed to open directory."

--
dorayme

Re: OT. Windows server paths and PHP includes

> dorayme wrote:
> news: doraymeRidThis-F4139C.15150418062007@news-vip.optusnet.com.a u
> In article <9sodi.928$iz5.806@newsread4.news.pas.earthlink.net>,
> "BootNic" wrote:
[snip]
> I got "Failed to open directory."

It's the error I wrote, but should have been Failed to change.

Try the following, don't hold out for anything to happen.

echo getcwd();
?>

If that does work, you may try to put it in your includes folder and get
the path to your folder.

Else you could try this ugly messy, it may be better then changing it
on each and every page.

$file="myincludes/h.txt";
if(file_exists($file)){
include($file);
}
else {
$j=0;
$dir="../";
$path="";
while(!$path && file_exists($dir) && $j<100){
if(file_exists($file)){$path=$file;}
else{$file=$dir.$file;}
$j++;
}
include($path);
}
?>

--
BootNic Monday, June 18, 2007 1:47 AM

Man who scratch ass should not bite fingernails.
*Ancient Chinese Proverbs*

Re: OT. Windows server paths and PHP includes

In article
,
"BootNic" wrote:

> > dorayme wrote:
> > news: doraymeRidThis-F4139C.15150418062007@news-vip.optusnet.com.a u
> > In article <9sodi.928$iz5.806@newsread4.news.pas.earthlink.net>,
> > "BootNic" wrote:
> [snip]
> > I got "Failed to open directory."
>
> It's the error I wrote, but should have been Failed to change.
>
> Try the following, don't hold out for anything to happen.
>
> > echo getcwd();
> ?>
>
> If that does work, you may try to put it in your includes folder and get
> the path to your folder.
>
> Else you could try this ugly messy, it may be better then changing it
> on each and every page.
>
> > $file="myincludes/h.txt";
> if(file_exists($file)){
> include($file);
> }
> else {
> $j=0;
> $dir="../";
> $path="";
> while(!$path && file_exists($dir) && $j<100){
> if(file_exists($file)){$path=$file;}
> else{$file=$dir.$file;}
> $j++;
> }
> include($path);
> }
> ?>

Well, you are starting to knock me over as in 'with a feather'. I
got a result! I got a path from your code that looked (I have *
some content just for here) like this:

e:\****\****\includes

I then stuck it in my php include code strip:



and lo and behold, the footer appeared exactly as with a
"regular" path like

Now, that was trialled from within a test folder called
"includes" on the server. The big test: will it work if I have
this on a file deep in other directories?

Lemme see...

Well... well... it does work! You did it Bootnic. I am very
impressed.

Last time I named a js script after you (remember, about
centering blocks of floating thumbnails?), it sits on a server
showing off my daughters recent wedding. But what can I do here?
Perhaps a comment in the source code to the effect that viewers
are able to see footers, banners, navigation blocks because of
some crafty probing by Bootnic. (Wonder what the company execs
will think of that if they ever come across it? It is a
commercial site )

Seriously, thanks mate.

--
dorayme

Re: OT. Windows server paths and PHP includes

> dorayme wrote:
> news: doraymeRidThis-AE0E5C.16200918062007@news-vip.optusnet.com.a u
> In article
> ,
> "BootNic" wrote:
[snip]
> Well, you are starting to knock me over as in 'with a feather'. I
> got a result! I got a path from your code that looked (I have *
> some content just for here) like this:
>
> e:\****\****\includes
[snip]
> Seriously, thanks mate.

Your welcome.

Now if you have more then one inclued per page this will be worth your
time as well.

ini_set('include_path',ini_get('include_path').';e:\*****\** ***\includes');
?>

Re: OT. Windows server paths and PHP includes

In article
,
"BootNic" wrote:

> > dorayme wrote:
> > news: doraymeRidThis-AE0E5C.16200918062007@news-vip.optusnet.com.a u
> > In article
> > ,
> > "BootNic" wrote:
> [snip]
> > Well, you are starting to knock me over as in 'with a feather'. I
> > got a result! I got a path from your code that looked (I have *
> > some content just for here) like this:
> >
> > e:\****\****\includes
> [snip]
> > Seriously, thanks mate.
>
> Your welcome.
>
> Now if you have more then one inclued per page this will be worth your
> time as well.
>
> > ini_set('include_path',ini_get('include_path').';e:\*****\** ***\includes');
> ?>
>
>
>