OK, here's the goal:
I want to prevent direct access to some include files with some config variables. I can't guarantee the files will sit outside of the webserver's document root.
What I'm thinking is to compare the $_SERVER["SCRIPT_NAME"] (that is, the URI) against the filename of the include file, and if there's a match, that's a direct view of the include file so make a call to die() before the variables are set.
The approach works fine except that I'm not sure how to determine the file name of the include file automatically (I'd prefer not to have to type it in on each file). Is there anything like a $this handler for the filesystem or something? The problem with $_SERVER["SCRIPT_FILENAME"] is that it returns the originating file rather than the current file. That's fine for the disallow case but doesn't work for legal includes/requires.
I want to prevent direct access to some include files with some config variables. I can't guarantee the files will sit outside of the webserver's document root.
What I'm thinking is to compare the $_SERVER["SCRIPT_NAME"] (that is, the URI) against the filename of the include file, and if there's a match, that's a direct view of the include file so make a call to die() before the variables are set.
The approach works fine except that I'm not sure how to determine the file name of the include file automatically (I'd prefer not to have to type it in on each file). Is there anything like a $this handler for the filesystem or something? The problem with $_SERVER["SCRIPT_FILENAME"] is that it returns the originating file rather than the current file. That's fine for the disallow case but doesn't work for legal includes/requires.