I currently have a Movable Type blog where the pages do not have any file extensions...so example.com/entries/this-is-my-entry
I added DefaultType text/html, so Apache knows if there isn't any extension on the end of the file to display as HTML. That works great.
Now the problem is I have PHP code in the HTML. The page won't render the PHP code if there is no extension. However, when I publish the entries with a .html extension....the PHP code works perfectly.
I have AddHandler php5-script .html to tell Apache to display PHP in the HTML files. I'm guessing, if there isn't any file extension, it doesn't know to render the PHP code, because it is expecting files with a .html extension...is there a way to say any file that doesn't have an extension can use PHP?
I'm doing the same implementation for my personal MT blog, with the entries having no file extension. (The theory being that I could switch to other techniques in the future without being hampered by extensions like .html, .php, etc.)
You can accomplish this by setting your default type to be PHP:
DefaultType application/x-httpd-php
All PHP files are interpreted at first as HTML, so this works even for files with no PHP in them.
Maybe you can try using <FileMatch> directive? Something like
<FilesMatch "^[^\.]$">
ForceType application/x-httpd-php
</FilesMatch>
There is nothing directly corresponding to DefaultType for AddHandler, but you can hack around it in a fairly ugly way:
<FilesMatch "^(?!.*\..+)">
SetHandler php5-script
</FilesMatch>
Related
I'm using PhpStorm 2016 with php language level 5.6 and the interpeter is PHP 5(5.6.24) and xampp version 3.2.2 .
I'm trying to add some php code in html page,
I created a file .htaccess in the same folder where my html file located, and put AddType application/x-httpd-php5 .html .htm inside it, added <?php echo "example" ?> but it doesn't show up.
I even tried <FilesMatch "\.html$">
ForceType application/x-httpd-php
</FilesMatch>, AddHandler application/x-httpd-php5 .html .htm and AddType application/x-httpd-php .html .htm but nothing work, don't know what eles to do.
Hope you can help me with any idea.
Thank you.
You may need to edit the Apache config file, and check if AllowOverride is set to none. If AllowOverride is set to None, .htaccess files are completely ignored.
See httpd.apache.org/docs/2.4/mod/core.html#allowoverride
To allow only the ForceType directive it would be
AllowOverride FileInfo
or if you want all entries in your .htaccess to be honored, then
AllowOverride All
In order to get xampp to interpret the file as PHP, you will need to set the Apache Server web-root to the base of your project (where the html files are) and access the webserver via the server (HTTP in a web-browser).
It sounds like you're trying to access the file directly with the browser (skipping the PHP processor).
I am setting up a couple of PHP documents that include .cfg for configuration files, .tpl for template structure files, .dlf for document layout files, .dbh for database connections and so on.
Now they're called .tpl.php, .dlf.php etc. But do they need to have the .php extension as well?
If not are there any extensions I shouldn't be using? like .exe for executables.
From Hiding PHP on PHP.net:
Another tactic is to configure web servers such as apache to parse different filetypes through PHP, either with an .htaccess directive, or in the apache configuration file itself. You can then use misleading file extensions:
# Make PHP code look like unknown types
AddType application/x-httpd-php .bop .foo .133t
So you can add a .htaccess rule that would mean that your server treats .tpl, .dlf etc as if they were PHP files, like so:
AddType application/x-httpd-php .tpl .dlf .dbh
However, if you are just using include or require, it doesn't matter what extension you use:
include "inc/template.tpl";
require "inc/database.dbh";
require_once("inc/config.ext.php.url.tpl.cfg");
You can change server config to enterpret other file extensions as PHP
In Apache you can add to this:
<FilesMatch \.php$>
SetHandler application/x-httpd-php
</FilesMatch>
if you include the files, then any extension will do:
in script.php:
include 'includes/foo.inc';
include 'inlcudes/bar.whatever';
will all work
Can somebody tell me how to treat .inc files as .php so I can include the .inc files into my php code. You can tell me change their extension to .php but it is not easy since there are hundred of pages which use the inc version.
Basically I need to declare types and handler in .htaccess.
I am running PHP over Apache.
Thanks.
add this to your httpd.conf
<FilesMatch "\.inc$">
SetHandler application/x-httpd-php
</FilesMatch>
Or in the .htaccess file
AddHandler application/x-httpd-php .inc
If you are including them via include() or require() into your PHP code, there's no need to change the extension. Anything included via the include() family is already treated as PHP.
Addendum:
Please also see #Darhazer's answer configuring Apache to serve .inc as PHP if you have a need to do so. (It's not totally clear from your question).
Do nothing.
PHP doesn't care what file extension included files has, it will still execute any code between <?php and ?> in them.
Let's say i have an image uploader script, i want to prevent the upload directory from executing Php or even html by only showing it as plain text, i've seen this trick in many websites but i don't know how they do it.
Briefly, if i upload evil.php to that directory, and i try to access it i will only see a plain text source , No html or php is executed. ( but i still want the images to appear normally ofcourse)
I know i can do like that by header("content-type:text/plain"); but that's will not be helpful, because what i want, is to set the content-type:text/plain automatically by the server for every thing outputed from the upload directory except images.
Note: i'm running php 5.3.2/Cent OS and the latest cPanel.
Thanks
At the very least, you'll want to put the following in your .htaccess file for the upload directory:
Options -Indexes
Options -ExecCGI
AddHandler cgi-script .php .php3 .php4 .phtml .pl .py .jsp .asp .htm .shtml .sh .cgi
The problem with an .htaccess file is if your upload does not block the upload, your .htaccess can be overwritten. An alternative solution is using an Apache directive (if you are using Apache) shown here, Disable PHP in directory (including all sub-directories) with .htaccess
Put a .htaccess in the upload directory.
AddType 'text/plain' .php .html
or
ForceType 'text/plain'
#...
Do a Google search for "disable script execution for directory" to turn up a number of options. This one is my favorite:
AddType text/plain .html .htm .shtml .php .php3 .phtml .phtm .pl .py .cgi .js
The only downside is that you have to explicitly name the extensions not to run, but it may be possible (just a hunch) to use some sort of wild card so that all file extensions are considered plain text, and then manually add the Mime Type for your standard image extensions.
Since you're talking about an image uploader, you don't want to display images as plain/text. How would you separate images from malicious files? During that task, just block saving the particular file.
How can we include a php file into a html file?
I know we can do this with:
<AddType application/x-httpd-php .html>
but I don't have access to the server. Any other solution which I can include in my website folder or file?
Why not just rename the file to end in PHP? That would be the simplest way to do this.
If you have access to your website folder, you could create a .htaccess file that includes:
<IfModule mod_mime.c>
AddType application/x-httpd-php .php
AddType application/x-httpd-php .html
</IfModule>
You could alternatively try:
<FilesMatch "\.(htm|html|php)$">
SetHandler application/x-httpd-php
</FilesMatch>
Depending on what the code looks like that you want to include, and if you really have no other choice like the ones presented by Druid, you can use one of the following less-than-perfect embedding solutions:
An IFRAME with frameborder="0" pointing to the PHP script (Downside: dynamic resizing according to output size is possible only with JavaScript
An AJAX Snippet that loads the PHP file onLoad and injects the output into a DIV of your choice
A tag pointing to the PHP file. The PHP file must then issue JavaScript commands like "document.write()".
The IFRAME is the most fail-safe in the event the client has no JavaScript. The AJAX Snippet is the most elegant solution.
The correct solution is not renaming it to .php.
It is renaming to .phtml ;)
.phtml is the official file type for crossover files containing PHP and HTML code.