[VIM] PHP file inclusions in PHP Developer Library 1.5.3 (some disputed)
Steven M. Christey
coley at linus.mitre.org
Tue Oct 24 14:38:16 EDT 2006
On Mon, 23 Oct 2006, Heinbockel, Bill wrote:
> The distribution as of 20061023 does not contain a file called
> Description.php. It does, however, contain a Description file
> (no file extension) which does contain the reported line (line 253):
> > include ($lib_dir . "sqlstorage.class.php");
> However there is no clear way to get this file to be handled by the
> PHP interpreter (mod_php or similar).
I took a closer look at this since it was so weird.
The "Description" file is basically a bunch of documentation for various
functions within the library. It is free-form text and there are no
"<?php>" specifiers (or "<?"), so renaming it to a .php extension still
wouldn't have any effect.
The surrounding text within "Description" says:
2. MySQL DB support. HOW TO USE
If you decide to use this library and write a piece of code.... First of
all you need set $cfg_dir and $lib_dir variables, edit the
database.cfg.php file (DB server, user name, password) and add the
following lines in your script:
include ($cfg_dir . "database.cfg.php");
include ($lib_dir . "sqlstorage.class.php");
So, if Anaconda was actually looking at a real site, the site had been
butchered in ways that were not standard to the product, so it's probably
site-specific instead of an inherent product issue. Even the above sample
code says "you need [to] set $cfg_dir and $lib_dir variables" so it's not
giving insecure configuration guidance.
More information about the VIM