Torben Wilson wrote:
2009/8/26 Paul Gardiner <lists@xxxxxxxxxx>:
Paul Gardiner wrote:
I want to write a simple indexing script to display a
directory full of photos as a gallery of thumbnails.
(There are various solutions out there for this, but
they're all a bit more complicated than I need).
I've added a file in /etc/apache2/conf.d that
looks like this:
Alias /photos /home/public/photos
<Directory "/home/public/photos">
AllowOverride None
Order allow,deny
Allow from all
DirectoryIndex /cgi-bin/index.php
</Directory>
I use "Alias" so that I can leave the photos where they are
and not have to move them to DocumentRoot. I use "DirectoryIndex"
so that the script doesn't have to be in with the photos. My
problem is that the running script seems to have no way to
work out the photos are in /home/public/photos.
$_SERVER[REQUEST_URI] is "/photos/", but I can't see how to
derive the server path from that, since $_SERVER[DOCUMENT_ROOT]
is "/srv/www/htdocs".
$_SERVER[PHP_SELF] is "/cgi-bin/index.php", so no use either.
How can I do this? Is there a way to interrogate the alias,
or can I set a variable in the conf file that PHP can pick up?
I've sussed it. If I use this apache2 conf file, where I
tag the server path onto the end of the index url:
Alias /photos /home/public/photos
<Directory "/home/public/photos">
AllowOverride None
Order allow,deny
Allow from all
DirectoryIndex /cgi-bin/index.php/home/public/photos
</Directory>
then the script can pick up the path as $_SERVER[PATH_INFO]
P.
Hi Paul,
Glad you got it working.
Actually, since posting, I've given up on that method,
partly because I realised that in doing so I was opening up
a security hole and being close to allowing enumeration of
any apache-readable directory on my server, via direct use
of the url http:/<host>/cgi-bin/index.php/<path>/. I've
found a much better way (using SetEnv):
Alias /photos /home/public/photos
<Directory "/home/public/photos">
AllowOverride None
Order allow,deny
Allow from all
SetEnv GalleryPath /home/public/photos
DirectoryIndex /cgi-bin/index.php
</Directory>
And then the script can pick up the path as $_SERVER['GalleryPath']
I would add one note: I don't know if this is
what your actual code contains or if it's just in your emails, but not
quoting string indices in arrays is a Bad Idea (TM). i.e. I'd
recommend avoiding the use of something like $_SERVER[PATH_INFO] and
instead use $_SERVER['PATH_INFO']. While the unquoted version will
work much of the time, it's untrustworthy. In this case, PHP sees the
label PATH_INFO and looks for a constant named PATH_INFO.
Thanks for the advice. I've always been a little uncertain of that. I
don't generally leave the quotes out, but I had been tending to, just
for accessing $_SERVER (not sure why - some example code I must have
read I think). Anyway, I'll put the quotes in.
What about the case of including an array within a string, e.g.,
$line = "<tr><td>$array['name']<td>$array['address']";
I've read something about that not working with the quotes in place.
Is that best avoided too?
Cheers,
Paul.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
