php include gives an error

Question

hey there i want to include my php file but i get an error

my page contains javascript

this is the error i am getting

[Thu Aug 05 15:38:01 2010] [error] [client 10.0.0.2] <br/><br/>Unexpexted output: \r\n<html>\r\n\r\n\r\n\r\n<script language="javascript" type="text/javascript" src................

this is my server code , i am calling the page via ajax

function getPageContent(&$response){
  $PAGE_URL     = $_POST['PAGE_URL'];
  try{
     echo '../' . $PAGE_URL;
   }catch(Exception $ee){
    error_log($ee->getMessage());
 }
 $response->fields->frame_main = file_get_contents('../' . $PAGE_URL);
}

thank you

Answer 1

Looks like you're trying to include a javascript file with PHP.. echo ' instead..

Answer 2

Hi, it looks like what you're trying to do is include a javascript file on demand. Without the full source (including what you're passing in the URL, it's a bit difficult to debug.

I feel like what you want to be saying here:

$response->fields->frame_main = file_get_contents('../' . $PAGE_URL);

is actually

$response->fields->frame_main = '../' . $PAGE_URL;

Since based on the output you've provided, it looks like you're accidentally reading the file into the tag, rather than providing the filename.

One small point I feel obligated to bring up. Your code in it's current implementation seems like it would allow me to pass a POST variable like "../../../../../etc/passwd" and retreive the contents of that file. If you do end up reading in files on demand from the user, please validate them fully. Filtering them using a function like basename() may be of use.