gsingh2011 Posted May 26, 2012 Share Posted May 26, 2012 (edited) I have a CSS file that all of my HTML files include. I don't like the idea of having the absolute document root path displayed in the HTML code when the file is included, so I don't want to use $_SERVER['DOCUMENT_ROOT'] as the basepath to the file. Is there a way for me to get the relative path to the document root? Edited May 26, 2012 by gsingh2011 1 Link to comment Share on other sites More sharing options...
Guest So Called Posted May 26, 2012 Share Posted May 26, 2012 (edited) Could you be a little more clear in your question? If it's an external CSS file then just put it in the same directory as your index.php, and refer to it in your <HEAD> section. If you're generating HTML with a PHP script then put the CSS file in the same directory as your index.php and and don't add any path information. But site visitors shouldn't see the include statement anyway. I don't see any reason site visitors should see your base path information except when errors occur, but that's a whole 'nother thing, and you can prevent that too. It seems likely I misunderstand your question. By the way, I don't like site visitors seeing my base path information either. Honest site visitors have no use for the information and probably don't understand it, while hackers might find some way to misuse the information and my policy is never give hackers anything. I've even removed PHP's X-Powered-By header, and my site doesn't use .PHP URL names. Maybe I'm running PHP, maybe it's just really clever HTML. Edited May 26, 2012 by So Called Link to comment Share on other sites More sharing options...
Don E Posted May 26, 2012 Share Posted May 26, 2012 So Called, To remove PHP's X-Powered-By header, is that done in the php.ini file? Link to comment Share on other sites More sharing options...
gsingh2011 Posted May 26, 2012 Author Share Posted May 26, 2012 (edited) Could you be a little more clear in your question? If it's an external CSS file then just put it in the same directory as your index.php, and refer to it in your <HEAD> section. If you're generating HTML with a PHP script then put the CSS file in the same directory as your index.php and and don't add any path information. But site visitors shouldn't see the include statement anyway. I don't see any reason site visitors should see your base path information except when errors occur, but that's a whole 'nother thing, and you can prevent that too. It seems likely I misunderstand your question. By the way, I don't like site visitors seeing my base path information either. Honest site visitors have no use for the information and probably don't understand it, while hackers might find some way to misuse the information and my policy is never give hackers anything. I've even removed PHP's X-Powered-By header, and my site doesn't use .PHP URL names. Maybe I'm running PHP, maybe it's just really clever HTML. Let me clarify the issue. My document root is something like /var/www/. I have the following two files, /var/www/index.php and /var/www/foo/index.php. I have a CSS file /var/www/css/styles.css. In both index.php files, I want to include the CSS file. In the link tag, I can set href to href="<?= $_SERVER['DOCUMENT_ROOT'] ?>css/styles.css" for both files. The only issue is now if someone views the source, they see /var/www/css/styles.css. I'd prefer that in the first index.php they would see css/styles.css and in the foo/index.php they would see ../css/styles.css. Edited May 26, 2012 by gsingh2011 Link to comment Share on other sites More sharing options...
Guest So Called Posted May 26, 2012 Share Posted May 26, 2012 (edited) @ Don: No, much easier than that. header('X-Powered-By:'); Put that in your script before you have echoed any HTML output. You will get an error message otherwise, and the error might even include your base path information. Edited May 26, 2012 by So Called Link to comment Share on other sites More sharing options...
Guest So Called Posted May 26, 2012 Share Posted May 26, 2012 (edited) @ gsingh: Still not clear. Are both /index.php and /foo/index.php part of the same website, say perhaps example.com and example.com/foo? If so, href="/css/styles.css" What I mean to say is there is no need to use the $_SERVER variable. Or if you do, use $_SERVER['HTTP_HOST']. Edited May 26, 2012 by So Called Link to comment Share on other sites More sharing options...
justsomeguy Posted May 28, 2012 Share Posted May 28, 2012 There's a setting in php.ini called expose_php that you can use to disable the headers. Link to comment Share on other sites More sharing options...
Don E Posted May 28, 2012 Share Posted May 28, 2012 There's a setting in php.ini called expose_php that you can use to disable the headers. Yes noticed that, thanks for the confirmation. Link to comment Share on other sites More sharing options...
Guest So Called Posted May 28, 2012 Share Posted May 28, 2012 More interesting reading: http://php.net/manual/en/security.hiding.php Noting that security by obscurity is of virtually zero worth. My reason for hiding the PHP header was amusement more than anything else. My code is as secure as I can make it, whether or not anybody can tell I'm running PHP scripts. Link to comment Share on other sites More sharing options...
Guest So Called Posted May 28, 2012 Share Posted May 28, 2012 Additional tip on not leaking out your absolute document root path: Whenever including a file, test for whether the file exists before you include it. If it exists then include it. If not, display your own error message. Otherwise a failed include or require will emit an error message with the path information included. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now