Not able to read virtual() query string

PHP
1

Hello

I need to execute some php file from another php file, as far as I know, I have two options, include() and virtual(). However, I need to pass variables along to the include that I am doing, for this reason, I should have a http link in my include(), which forces me to enable allow_url_include, which I am trying to avoid.


include('http://www.mysite.com/myfile.php?var=value');

So I used virtual();


virtual('/myfile.php?var=value');

this is working fine, but given that I can’t use $_GET with virtual(), I used $_SERVER[‘QUERY_STRING’], but this is doing the same as $_GET, which means getting the query string of the file from where I executed the code.

My questions are:

  1. Are there serious risks if I enable allow_url_include, however only inlclude from my own site, not any 3rd party, nor pass what to include as a param from any file?
  2. How can I read the query string if I use virtual()?

Many thanks

2

Nah, it seems I’m being dump today and complicating stuff too much:D
thanks!

3

Or you could try cURL. I have a wrapper in a utility library that you might find handy, you should be able to use it without having to edit too much:


    static function getRemoteFile($url) {
        if(function_exists('curl_init')) {
            $ch = curl_init();
            curl_setopt($ch, CURLOPT_URL, $url);
            curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
            curl_setopt($ch, CURLOPT_HEADER, 0);
            curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
            curl_setopt($ch, CURLOPT_MAXREDIRS, 10);
            curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
            $res = curl_exec($ch);
            curl_close($ch);
        } else {
            $res = file_get_contents($url);
        }
        return $res;
    }
4

Maybe I’m just being particularly dumb today, or am missing the point, but why do you have a need to append a query string to the file path?


$var = 'abc'; // or even $_GET['var'] = 'abc';
include('myfile.php'); // code inside myfile.php can "see" $var
5

Call the other PHP files though the command line/shell without worrying about the web-server below…Possible?