1

I've inherited a bad sitation where at our network we have many (read: many) hosted sites doing this:

include "http://www.example.com/news.php";

Yes, I know that this is bad, insecure, etc, and that it should be echo file_get_contents(...); or something like that (the output of "news.php" is just HTML), but unfortunately this is what they use now and we can't easily change that.

It used to work fine, until yesterday. We started to 301-redirect all www.example.com requests to just example.com. PHP does not appear to follow this redirect when people include the version with www, so this redirect breaks a lot of sites.

To sum it up: Is there a way to get PHP to follow those redirects? I can only make modification on the example.com side or through server-wide configuration.

Improve this question
9
  • What's the exact error message (or messages) you get with error_reporting=E_ALL (or higher)? Commented Dec 22, 2009 at 11:35
  • 2
    That doesn't sound like a php error message ;-) Could it be that the webserver doesn't send a 301 status code but 200 ok. Commented Dec 22, 2009 at 11:45
  • 1
    Is there even a difference between include($foo) and echo file_get_contents($foo) (for remote files)? I don't think so... Commented Dec 22, 2009 at 11:48
  • 1
    Since php 5.2 there is allow_url_include, but that would raise a different error message Commented Dec 22, 2009 at 11:49
  • 1
    There is a difference. Not in this case, but if the remote site returned PHP code, it would be executed with include (and not with FGC obviously) Commented Dec 22, 2009 at 12:20

4 Answers 4

Reset to default
2

You said, in a comment: "I can go and change all the includes, but it'd just be a lot of work".

Yes. That's the "bad, insecure, but-I-don't-have-a-reason-to-change-it code" coming back to bite you. It will be a lot of work; but now there is a compelling reason to change it. Sometimes, cleaning up an old mess is the simplest way out of it, although not the easiest.

Edit: I didn't mean "it's your code and your fault" - rather, "bad code is often a lot of work to fix, but it's usually less work than to keep piling hacks around it for eternity, just to keep it kinda-working".

As for "going and changing it", I'd recommend using cURL - it works much better than PHP's HTTP fopen wrappers.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Well in my defense, I did not make up the bad code. I inherited it :(
@Bart van Heukelom: Sorry, I was too dismissive in the original version. Didn't mean to sound so arrogant.
1

Can't you use curl? In curl_setopt it has an option to follow redirects.

Improve this answer

2 Comments

I guess the answer is "no" because of "but unfortunately this is what they use now and we can't easily change that" ;-)
Well he does say 'can't ||easily|| change that'. So it's not impossible to change it
0

Let's start with the redirecting http repsonse.

<?php
error_reporting(E_ALL);
var_dump( get_headers('http://www.example.com/news.php') );
// include 'http://www.example.com/news.php'

The output should contain HTTP/1.0 301 Moved Permanently as the first entry and Location: http://example.com/news.php somewhere.

Improve this answer

4 Comments

Yes, but I can't change that code, or I would just change it to file_get_contents. I have to do this on the example.com side.
...or through a server-wide PHP setting. Well, I can go and change all the includes, but it'd just be a lot of work :p
It just a test script. Place it in a/any directory where the include 'http://www.example.com/news.php'doesn't work as expected and examine the output.
And if http/1.x 310 ... is not the first line or if there's no Location: xyz line in the result that's what is preventing php from following the "redirect" (because it's not a redirect). If it is there we have to check the more unlikely causes (whatever they may be).
0

I don't think any of those solutions provided by PHP itself would help... I just don't think any of them follow headers and what not. For what it's worth, I do think, though, that this behaviour is correct: you're asking for the result of a certain request and you got it. The fact that the result is telling you to look elsewhere is, in and of itself, a valid result.

If I were you, I'd look at cURL. There's a PHP extension for it and it will allow you to tell it to follow headers and get to where you're trying to get. If this is not usable (as in, you absolutely, positively have to use the approach you currently are), you will need to revert the redirects on the 'source' server: maybe you could have it return the information or the redirect based on requesting IP address or something similar?

Improve this answer

1 Comment

The http fopen wrapper does follow Location: xyz headers unless told otherwise (e.g. by get_headers())

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.