Logo
My Journal
Blog

Timeline

Blog

include function for remote files disabled by default

If your PHP installation is secure and you try to include a file using an absolute path or a remote file then you will face this issue. For example …

[php]
<?
include ("http://www.somedomain.com/file.php");
?>
[/php]

will result in you seeing this PHP error when viewing the page in your browser …

Warning: include() [function.include]: URL file-access is disabled in the server configuration in /home/user/public_html/page.php on line xx

Warning: include(http://www.somedomain.com/file.php) [function.include]: failed to open stream: no suitable wrapper could be found in /home/user/public_html/page.php on line xx

Warning: include() [function.include]: Failed opening ‘http://www.somedomain.com/file.php’ for inclusion (include_path=’.:/usr/lib/php:/usr/local/lib/php’) in /home/user/public_html/page.php on line xx

PHP 5 has the include function for remote files disabled by default and if your host is using another version of PHP and has secured the installation then you will also face this error.

The reasons for disabling PHP include for remote files is clear – to do so would leave your coding open to cross site scripting attacks (XSS attacks). This is the method by which someone of malintent would inject their own code into yours, such malicious code is usually crafted to conduct a DoS (Denial of Service) or DDoS (Distributed Denial of Service) attack both of which would cause server downtime. Other injections could include alternative page content, such as a ‘Hacked by some Hackers’ type of announcement across your web page(s).

So if you were planning on asking your host to allow this function for remote files, think again.

This error can easily be dealt with by using a better solution for including remote file contents in your coding. If you want to include a remote file then I would recommend that you use the file_get_contents() function instead. Use this function together with a variable and return the variable in your code …

[php]
<?
$a = file_get_contents("http://www.somedomain.com/file.php");
echo ($a);
?>
[/php]

If you are trying to include a file that is already in your site then use a relative URL rather than an absolute one …

[php]
<?
include (file.php);
?>
[/php]

Another alternative, and one that is perhaps easier to write in since it uses the require_once function which does not require the use of anything other than system variables, is the following:

[php]
<?
require_once($_SERVER[‘DOCUMENT_ROOT’].’file.php’);
?>
[/php]

Leave A Comment