Jump to content

Security Questions About set_include_path and PEAR


Go to solution Solved by QuickOldCar,

Recommended Posts

Hi Guys,

 

I've got xampp running on my machine with wordpress, and had 2 security related questions:

 

A) I was constantly running into issues with wordpress and trying to find includes. I'm building a plugin, so on the plugin's main file, I just added a 'set_include_path' function equal to the root directory of my website. Then, the require_once, and include functions that are also on that page seem to have stopped having issues. Are there any security issues with using the set_include_path, and setting it to say 'C:/htdocs/home'?

 

B) I used Xampp to install apache, mysql, and php.  Until recently, I had no idea what PEAR was. I'm curious though...is PEAR installed by default with PHP or Xampp?

 

Thanks for any help guys :)

  • Solution

Have a look at $_SERVER['DOCUMENT_ROOT'] or dirname()

 

If you set the include path and is the correct location is fine.

PEAR comes with php as an extension.

 

an example adding the separator so PEAR doesn't toss messages

$directory_path = dirname(__FILE__) . DIRECTORY_SEPARATOR;

require_once($directory_path . "/include/functions.php");
Edited by QuickOldCar
  • Like 1

Hi Guys, Thanks for the help.

 

I wasn't sure if wordpress was using PEAR already, and if I removed the include_path to the PEAR file from php.ini if that would screw up wordpress's functionality. For that matter, I can't even figure out why php isn't writing to the php_error log. I think I've properly setup everything in the php.ini file, but when I update it nothing happens. I have the path to the log file correct. I made sure a blank log file exists and that it's writable to the windows system user account - which I 'think' is what apache runs on. There was some weird file in there named NOEMPTY or some such thing which I don't understand. 

 

As for what was happening with the required() issues...It was weird. I'm building my first custom plugin for wordpress. When I would go to the index page, I'd get the required error - the 'Can't find required('xyz.php') directory' etc. So I'd change it to something like ../xyz.php, and it'd find it. Then as soon as I'd login and go to the wordpress admin menu, I'd get the 'can't find it' error again. So I'd go back into the file and remove the ../ and just go back to xyz.php, and it'd find it again. I have no idea what was causing the issue.

I'll check out wordpress's plugin_dir_path() function and see if that may be a better solution.  

 

Have a look at $_SERVER['DOCUMENT_ROOT'] or dirname()

 

If you set the include path and is the correct location is fine.

PEAR comes with php as an extension.

 

an example adding the separator so PEAR doesn't toss messages

$directory_path = dirname(__FILE__) . DIRECTORY_SEPARATOR;

require_once($directory_path . "/include/functions.php");

 

@quickoldcar, you are slightly off. That is going to give you a V separator with directory slashes going in two different directions,

 

This will give you the correct cross platform solution:

$directory_path = __dir__;
require_once($directory_path  .DIRECTORY_SEPARATOR. "include" .DIRECTORY_SEPARATOR. "functions.php");
  • Like 1

 

@quickoldcar, you are slightly off. That is going to give you a V separator with directory slashes going in two different directions,

 

This will give you the correct cross platform solution:

$directory_path = __dir__;
require_once($directory_path  .DIRECTORY_SEPARATOR. "include" .DIRECTORY_SEPARATOR. "functions.php");

 

You are correct but seems to work that way for me on linux and windows boxes that way.

Seems to work with or without the first slash for directory or file.

It still even works going up directories both ways.

  • Like 1

I just ended up using the $_Server['DOCUMENT_ROOT'] global to get things working. Seems like gotten rid of the funky error I was getting before and after I logged in. Thanks everyone for the help. I really do appreciate it :)  Good grief, I'd ask a question over on the wordpress forums and they were totally worthless. :(

Only thing about using $_SERVER['DOCUMENT_ROOT'] instead of plugin_dir_path() is that the WordPress content directory can be renamed pretty easily, and if you've hard-coded the path from document root to the directory of your plugin (wp-content/plugins/MyPlugin/), it's going to break. Honestly, it's not like plenty of plugins don't already hard-code the plugin path (nextgen gallery, I'm looking at you...), but it is something to keep in mind.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.