jdlev Posted February 8, 2016 Share Posted February 8, 2016 Hi Guys, I've got xampp running on my machine with wordpress, and had 2 security related questions: A) I was constantly running into issues with wordpress and trying to find includes. I'm building a plugin, so on the plugin's main file, I just added a 'set_include_path' function equal to the root directory of my website. Then, the require_once, and include functions that are also on that page seem to have stopped having issues. Are there any security issues with using the set_include_path, and setting it to say 'C:/htdocs/home'? B) I used Xampp to install apache, mysql, and php. Until recently, I had no idea what PEAR was. I'm curious though...is PEAR installed by default with PHP or Xampp? Thanks for any help guys Quote Link to comment https://forums.phpfreaks.com/topic/300753-security-questions-about-set_include_path-and-pear/ Share on other sites More sharing options...
Solution QuickOldCar Posted February 8, 2016 Solution Share Posted February 8, 2016 (edited) Have a look at $_SERVER['DOCUMENT_ROOT'] or dirname() If you set the include path and is the correct location is fine. PEAR comes with php as an extension. an example adding the separator so PEAR doesn't toss messages $directory_path = dirname(__FILE__) . DIRECTORY_SEPARATOR; require_once($directory_path . "/include/functions.php"); Edited February 8, 2016 by QuickOldCar 1 Quote Link to comment https://forums.phpfreaks.com/topic/300753-security-questions-about-set_include_path-and-pear/#findComment-1530868 Share on other sites More sharing options...
maxxd Posted February 8, 2016 Share Posted February 8, 2016 Are you having trouble with WordPress's plugin_dir_path()? What are the issues you're having with including files? Quote Link to comment https://forums.phpfreaks.com/topic/300753-security-questions-about-set_include_path-and-pear/#findComment-1530874 Share on other sites More sharing options...
jdlev Posted February 8, 2016 Author Share Posted February 8, 2016 Hi Guys, Thanks for the help. I wasn't sure if wordpress was using PEAR already, and if I removed the include_path to the PEAR file from php.ini if that would screw up wordpress's functionality. For that matter, I can't even figure out why php isn't writing to the php_error log. I think I've properly setup everything in the php.ini file, but when I update it nothing happens. I have the path to the log file correct. I made sure a blank log file exists and that it's writable to the windows system user account - which I 'think' is what apache runs on. There was some weird file in there named NOEMPTY or some such thing which I don't understand. As for what was happening with the required() issues...It was weird. I'm building my first custom plugin for wordpress. When I would go to the index page, I'd get the required error - the 'Can't find required('xyz.php') directory' etc. So I'd change it to something like ../xyz.php, and it'd find it. Then as soon as I'd login and go to the wordpress admin menu, I'd get the 'can't find it' error again. So I'd go back into the file and remove the ../ and just go back to xyz.php, and it'd find it again. I have no idea what was causing the issue.I'll check out wordpress's plugin_dir_path() function and see if that may be a better solution. Quote Link to comment https://forums.phpfreaks.com/topic/300753-security-questions-about-set_include_path-and-pear/#findComment-1530892 Share on other sites More sharing options...
benanamen Posted February 9, 2016 Share Posted February 9, 2016 Have a look at $_SERVER['DOCUMENT_ROOT'] or dirname() If you set the include path and is the correct location is fine. PEAR comes with php as an extension. an example adding the separator so PEAR doesn't toss messages $directory_path = dirname(__FILE__) . DIRECTORY_SEPARATOR; require_once($directory_path . "/include/functions.php"); @quickoldcar, you are slightly off. That is going to give you a V separator with directory slashes going in two different directions, This will give you the correct cross platform solution: $directory_path = __dir__; require_once($directory_path .DIRECTORY_SEPARATOR. "include" .DIRECTORY_SEPARATOR. "functions.php"); 1 Quote Link to comment https://forums.phpfreaks.com/topic/300753-security-questions-about-set_include_path-and-pear/#findComment-1530895 Share on other sites More sharing options...
jdlev Posted February 9, 2016 Author Share Posted February 9, 2016 Thanks Kevin Quote Link to comment https://forums.phpfreaks.com/topic/300753-security-questions-about-set_include_path-and-pear/#findComment-1530936 Share on other sites More sharing options...
QuickOldCar Posted February 9, 2016 Share Posted February 9, 2016 @quickoldcar, you are slightly off. That is going to give you a V separator with directory slashes going in two different directions, This will give you the correct cross platform solution: $directory_path = __dir__; require_once($directory_path .DIRECTORY_SEPARATOR. "include" .DIRECTORY_SEPARATOR. "functions.php"); You are correct but seems to work that way for me on linux and windows boxes that way. Seems to work with or without the first slash for directory or file. It still even works going up directories both ways. 1 Quote Link to comment https://forums.phpfreaks.com/topic/300753-security-questions-about-set_include_path-and-pear/#findComment-1530943 Share on other sites More sharing options...
Jacques1 Posted February 10, 2016 Share Posted February 10, 2016 Every operating system supports forward slashes, even odd ones like Windows. Since that's a lot shorter and more readable than DIRECTORY_SEPARATOR, I'd go with forward slashes. 1 Quote Link to comment https://forums.phpfreaks.com/topic/300753-security-questions-about-set_include_path-and-pear/#findComment-1530949 Share on other sites More sharing options...
jdlev Posted February 10, 2016 Author Share Posted February 10, 2016 I just ended up using the $_Server['DOCUMENT_ROOT'] global to get things working. Seems like gotten rid of the funky error I was getting before and after I logged in. Thanks everyone for the help. I really do appreciate it Good grief, I'd ask a question over on the wordpress forums and they were totally worthless. Quote Link to comment https://forums.phpfreaks.com/topic/300753-security-questions-about-set_include_path-and-pear/#findComment-1530955 Share on other sites More sharing options...
maxxd Posted February 10, 2016 Share Posted February 10, 2016 Only thing about using $_SERVER['DOCUMENT_ROOT'] instead of plugin_dir_path() is that the WordPress content directory can be renamed pretty easily, and if you've hard-coded the path from document root to the directory of your plugin (wp-content/plugins/MyPlugin/), it's going to break. Honestly, it's not like plenty of plugins don't already hard-code the plugin path (nextgen gallery, I'm looking at you...), but it is something to keep in mind. Quote Link to comment https://forums.phpfreaks.com/topic/300753-security-questions-about-set_include_path-and-pear/#findComment-1530957 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.