roly

hi

i want to include a file (it's just a bit of javascript) from domainA into a php page on domainB (all on the same server). to do this i have to have allow_url_include = on in my php.ini which i believe is a big security risk. has anyone got any alternative solutions that are safer,?

the include is just so i can test various popups over 100's of sites by just changing the javacript in the one file. so i would be grateful for any other simple solutions too.

thanks in advance

stocktrader23

iframes?

__________________


Hands Free Adult - Join Once, Earn For Life

"I try to make a habit of bouncing my eyes up to the face of a beautiful woman, and often repeat “not mine” in my head or even verbally. She’s not mine. God has her set aside. She’s not mine. She’s His little girl, and she needs me to fight for her by keeping my eyes where they should be."

woj

Why are you including it with php? just use a script tag with src='xxxxx'...

__________________
Custom Software Development, email: woj#at#wojfun#.#com to discuss details or skype: wojl2000 or gchat: wojfun or telegram: wojl2000
Affiliate program tools: Hosted Galleries Manager Banner Manager Video Manager
Wordpress Affiliate Plugin Pic/Movie of the Day Fansign Generator Zip Manager

Avalana

Not sure about: require_once();

__________________
bad behavior - Adult & Porn Site Reviews - Need a honest Review for your Adult Porn Site? Just drop me a line - ICQ @BADBEHAVIOR or SKYPE avalana.porngeekz

roly

because the the bit of code i am calling is a javascript with src="xxx" as well and i'm assuming you can't nest it?

woj

you probably can but hard to really say without knowing exactly what you are trying to do...

__________________
Custom Software Development, email: woj#at#wojfun#.#com to discuss details or skype: wojl2000 or gchat: wojfun or telegram: wojl2000
Affiliate program tools: Hosted Galleries Manager Banner Manager Video Manager
Wordpress Affiliate Plugin Pic/Movie of the Day Fansign Generator Zip Manager

Brujah

using curl?

__________________

• Free Premium Domain Lists and Tools at Clickmojo.com
• For Sale: Obscenity.com

roly

no that doesn't seem to work

raymor

You want to include the server path to the file, not the URL. So something like:
include ('../../othersite.com/public_html/stuff.inc');

Symlinks on the server can simplify that.
If suexec is preventing you from doing the include, suexec a more serious security hole than fopen_url, as bad as fopen_url is.


The above is if you have to include() instead of doing:

script type="text/javascript" src="http://somesite.com/cool.js"

__________________
For historical display only. This information is not current:
support@bettercgi.com ICQ 7208627
Strongbox - The next generation in site security
Throttlebox - The next generation in bandwidth control
Clonebox - Backup and disaster recovery on steroids

u-Bob

mostly a huge waste of resources if both sites are on the same server.

1. use readfile() instead of include() as the contents of the file won't need to be parsed for php code.
2. readfile("/full/path/to/whereever/u/put/thefile/file.js");

Brujah

Ah, I didn't catch the "same server" bit. Ray's right, you can use a server path to the files in domainA.com's path instead then.

__________________

• Free Premium Domain Lists and Tools at Clickmojo.com
• For Sale: Obscenity.com

roly

thanks guys for the help it's appreciated, i'm off out now, but i'll have a play around with those tomorrow and report back.

thanks again