Question:
Are relative paths a security risk?
isawayoflife
2008-12-08 09:19:38 UTC
I'm building a web site and including files using relative paths (e.g. ). My friend swears relative paths are a security threat and tells me I should always use absolute paths.

I can't think of any reason why including files using a relative path is a potential security risk. Is there really a risk?
Six answers:
?
2016-11-12 10:30:17 UTC
Php Include Relative Path
?
2017-01-01 09:14:35 UTC
Disallowed Parent Path
Coice
2008-12-08 10:21:48 UTC
No. Two issues come to mind. If someone (you) moves your file, you can inadvertently start including the wrong file since it was a relative path. The second issue is, if you are including a variable name in your path, for example:

<?php
// DO NOT DO THIS !
$file = $_GET['filename'];
include("../../$file/index.php");
?>

There are good reasons why you should use absolute paths over relative paths. First off, in PHP it is faster, although not really noticeable unless you are doing some heavy benchmarking. Secondly, you can move the file from its location and not break your website. Lastly, and most importantly, your code is easier to READ. Compare:

include('../../../images/logo.png');

include('/web/images/logo.png');

An extreme example, but you get the point.

What I do is, at the start of my source, define a constant with the root of my site, such as:

define('ABS_PATH', '/dir/dir/dir/web/');

And I include my files like this:

include(ABS_PATH . 'classes/gui.inc');

Which equates to:

"/dir/dir/dir/web/classes/gui.inc"

Hope I helped.
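As an added example (not code from the answer above or from the original page), here is the "DO NOT DO THIS" include rewritten so that the page name from the request can only ever select a file underneath the ABS_PATH site root; the /var/www/example/ directory and the pages/<name>/index.php layout are assumptions.

```php
<?php
// Site root constant, as the answer suggests. The directory is an assumed example path.
define('ABS_PATH', '/var/www/example/');

// Map a request parameter to an include path that is guaranteed to live under ABS_PATH.
// Returns null (and nothing is included) whenever the name is not acceptable.
function resolve_page(string $name): ?string
{
    // First line of defence: only plain page names, so "../", "/" and NUL bytes never
    // reach the filesystem at all.
    if (!preg_match('/^[A-Za-z0-9_-]{1,64}$/', $name)) {
        return null;
    }

    // Second line of defence: resolve both the candidate and the root to canonical paths.
    // realpath() collapses ".." and symlinks and returns false for a missing file.
    $candidate = realpath(ABS_PATH . 'pages/' . $name . '/index.php');
    $root      = realpath(ABS_PATH);
    if ($candidate === false || $root === false) {
        return null;
    }

    // The canonical candidate must start with "<root>/"; a symlink inside pages/ that
    // points outside the site root fails this check even though the name looked harmless.
    $prefix = $root . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $candidate;
}

$page = resolve_page($_GET['filename'] ?? 'home');
if ($page === null) {
    http_response_code(404);
    exit('Unknown page');
}
include $page;
```

Rejected requests get a 404 rather than an error page that echoes the attempted path, which keeps the server from confirming which files exist.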
2008-12-08 09:28:27 UTC
Here is what I found:

Parent paths are like "../folder/folder/file.asp"; notice the ../ trying to go to the "Parent Path". This would be used for things like include files or a database path.

By default, Enable parent paths is set to no. When Enable parent paths is set to no, a FileSystemObject object instantiated by an ASP application is limited to that application's defined directory. This is the most secure setting and is appropriate for most shared Web hosting environments.

When Enable parent paths is set to yes, the FileSystemObject object can access files outside the ASP application directory. In this scenario, ASP developers can use the "../" syntax in #include statements to access any file outside of the Web directory that the ASP Server has file system permission to read.

Changing Enable parent paths to yes can affect the security of your server.

Before you change this setting, make sure that the ASP Server has permission to access only the files you want to be publicly accessible, and that it does not have access to sensitive files containing configuration or password information. You can restrict the permissions of the ASP Server by defining the user it runs under, and making sure that that user has appropriately restricted file system permissions.

Note: The Enable parent paths setting does not add any restrictions to executing Java code. For example, if you want to restrict Java code to access files within the application directory, the proper permissions should be in the bean.policy file. Use absolute paths rather than parent paths. "/folder/folder/file.asp" is an absolute path that can be used from any level of the site's directory structure.

Anyone using a sub-domain or a domain should be able to refer to the root of their site using nothing more than a "/". Using that style of path you could reduce the menus to just one file rather than two. I could be wrong here, but the parent path you show looks like a relative path to me, meaning it will only open a file that is in a position relevant to where the file is being called from.

Most of this could be resolved if you set a site root variable, then used that for all the image links etc.

Parent paths are used by web developers to navigate to pages that are further embedded in the directory structure. By disabling the parent paths, one is preventing the hacker from using a parent path notation (i.e. "../") to move around the web site.

Server Side Includes: Server Side Includes or SSI allow the use of shared common code such as headers, footers, and left navigation created in one file and shared through the use of "includes" throughout the site. The advantage is that only one file needs to be updated when a global change is made. Our web servers do not allow "Parent Paths" anymore because Microsoft has determined that enabling this feature may constitute a security risk because an include path can access critical or confidential files outside the root directory of the application.

If your application contains a Web page that contains the #include server-side include directive and uses ".." notation to refer to a parent directory, your page will not load and an error message will be displayed. When you try to view an Active Server Pages (ASP) page that is running on Internet Information Services (IIS) 6.0, you may receive one of the following error messages in your browser:

* If the Show Friendly Http Error Messages check box in Microsoft Internet Explorer is not selected:

Active Server Pages error 'ASP 0131'
Disallowed Parent Path
//, line
cannot contain '..' to indicate the parent directory.

* If the Show Friendly Http Error Messages check box in Microsoft Internet Explorer is selected:

The Page Cannot Be Displayed
HTTP 500-Internal server error

2016-08-30 08:50:19 UTC
Pretty good arguments here.


This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.