tags:

views:

164

answers:

6
+2  Q: 

How do I prevent an included PHP script from changing the Location URL?

I'm including a PHP script that changes the URL.

// index.php
ob_start();
include "script.php";
   // This script redirects using  header("Location:");
$out = ob_get_clean();
// I use the $out data for calculations
echo $out;

Is there a simple way to counter or undo this unwanted redirect? How about:

header("Location: index.php");   // redirect back to self

But this causes an endless redirect loop... any ideas?

Or is there a way to strip out the header() calls from the $out buffer, preventing it from ever reaching the client?

+3  A: 

You could try to overwrite that header field with an invalid value, such as:

header('Location: ', true);

But I don’t know how the clients react on that.

Gumbo  2009-07-07 09:33:31
+2  A: 

There isn't really a good way to do that. Two things come to mind:

  1. Open script.php as a text file, strip out any header() commands and then eval() the result.
  2. Echo a space before you include script.php and then trap the warning that PHP generates about issuing a header() after the output has already started. You'd need to echo the space before your output buffering.
Sander Marechal  2009-07-07 09:34:24
+1  A: 

What about including the file first as a variable with file_get_contents(), stripping out the unwanted headers and then running it with PHP code (I won't mention the evil word used to parse a PHP string as PHP code)?

alex  2009-07-07 09:35:23
evil .. eval :)
Jenko  2009-07-07 09:36:51
+5  A: 

Just for future references. As of PHP 5.3 there's a new function called header_remove() which helps dealing with such situations.

Ionuț G. Stan  2009-07-07 09:37:37
A: 

Since you have the complete text in a string before you output it, you can simple remove the headers you want with a search and replace (using a regex for example).

rikh  2009-07-07 09:42:53
+1  A: 

If you don't have PHP5.3 at your disposal (you probably don't), Gumbo's answer does not work and you don't want to use eval, then the only other option I can see, is the use of streams. This is however yet another, more flexible but complex, form of eval. Streams, combined with tokenizer, and you'll be able to get rid of that function call with a simple:

require 'no-header://script.php';
Ionuț G. Stan  2009-07-07 11:09:41

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases