[VIM] PHP file inclusions in PHP Developer Library 1.5.3 (some disputed)

Steven M. Christey coley at linus.mitre.org
Tue Oct 24 14:38:16 EDT 2006


On Mon, 23 Oct 2006, Heinbockel, Bill wrote:

> The distribution as of 20061023 does not contain a file called
> Description.php. It does, however, contain a Description file
> (no file extension) which does contain the reported line (line 253):
> >     include ($lib_dir . "sqlstorage.class.php");
>
> However there is no clear way to get this file to be handled by the
> PHP interpreter (mod_php or similar).

I took a closer look at this since it was so weird.

The "Description" file is basically a bunch of documentation for various
functions within the library.  It is free-form text and there are no
"<?php>" specifiers (or "<?"), so renaming it to a .php extension still
wouldn't have any effect.

The surrounding text within "Description" says:

  2. MySQL DB support. HOW TO USE

  If you decide to use this library and write a piece of code.... First of
  all you need set $cfg_dir and $lib_dir variables, edit the
  database.cfg.php file (DB server, user name, password) and add the
  following lines in your script:

        include ($cfg_dir . "database.cfg.php");
        include ($lib_dir . "sqlstorage.class.php");


So, if Anaconda was actually looking at a real site, the site had been
butchered in ways that were not standard to the product, so it's probably
site-specific instead of an inherent product issue.  Even the above sample
code says "you need [to] set $cfg_dir and $lib_dir variables" so it's not
giving insecure configuration guidance.

- Steve
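The check described in the message above, as an added example that is not part of the original post or of PHP Developer Library: a small triage helper that, for each `include`/`require` with a variable path, reports whether the line sits inside PHP tags and whether the file sets the variable itself. The function names, the regex heuristics and the second sample are assumptions made for illustration; the first sample is constructed from the "Description" excerpt quoted above.

```python
import re

# Heuristic patterns (assumptions of this sketch; strings and comments are not parsed).
TAG = re.compile(r"<\?|\?>")                  # PHP open tag (incl. short form) / close tag
INCLUDE = re.compile(r"\b(?:include|require)(?:_once)?\s*\(?\s*(\$\w+)")
ASSIGN = re.compile(r"(\$\w+)\s*=(?![=>])")   # "$x =", but not "==" or "=>"

def _mode_at(line, pos, state):
    """Return True if offset pos of line is inside PHP tags, given the mode at line start."""
    for tag in TAG.finditer(line, 0, pos):
        state = tag.group() == "<?"
    return state

def triage_includes(text):
    """List include/require calls whose path starts with a variable, with triage facts."""
    findings, assigned, in_php = [], set(), False
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in INCLUDE.finditer(line):
            var = m.group(1)
            executable = _mode_at(line, m.start(), in_php)
            known = var in assigned           # only assignments on earlier lines count
            findings.append({"line": lineno, "var": var, "in_php": executable,
                             "set_in_file": known,
                             "needs_review": executable and not known})
        for a in ASSIGN.finditer(line):
            if _mode_at(line, a.start(), in_php):
                assigned.add(a.group(1))
        in_php = _mode_at(line, len(line), in_php)
    return findings

# Constructed sample 1: the plain-text "Description" excerpt quoted in the message.
DOC_SAMPLE = '''2. MySQL DB support. HOW TO USE
all you need set $cfg_dir and $lib_dir variables, edit the
following lines in your script:
        include ($cfg_dir . "database.cfg.php");
        include ($lib_dir . "sqlstorage.class.php");
'''

# Constructed sample 2 (hypothetical script): same includes, but inside PHP tags.
PHP_SAMPLE = '''<?php
$cfg_dir = "/etc/app/";
include ($cfg_dir . "database.cfg.php");
include ($lib_dir . "sqlstorage.class.php");
?>
'''

if __name__ == "__main__":
    for name, sample in (("Description", DOC_SAMPLE), ("script.php", PHP_SAMPLE)):
        for finding in triage_includes(sample):
            print(name, finding)
```

`needs_review` only says that the line would execute and that the file never sets the variable on an earlier line; whether the value can be influenced from outside still depends on the calling script and the PHP configuration.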

