Home/ Questions/Q 3947348
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-20T01:14:27+00:00

index.php: define(included, true); INCLUDED PAGES: if (included !== true) header(‘HTTP/1.1 404 Not Found’); The

  • 0

index.php:

define("included", true);

INCLUDED PAGES:

if (included !== true) header('HTTP/1.1 404 Not Found');

The purpose for the codes was to disallow access directly but allow it if included. I am not sure if this opens any risks. I am not allowed to override .htaccess so I am stuck with a PHP alternative.

Any help would be much appreciated!

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    A sexier way is…

    defined('included') OR exit;

    That is, use the correct function (defined()) to see if a value is defined, and then exploit short circuit evaluation.

    Also, you can probably just use an existing define rather than create one specifically, e.g. your bootstrap file may define something like…

    define('DOCROOT', realpath(basename(__FILE__)));

    …in which case you would be safe to use DOCROOT.

    You should also be keeping any PHP files besides your bootstrap above your document root, and then ensuring your site is safe from directory traversal attacks 🙂

    • 0