Cannot Include .php files

Forum Moderators: phranque

Message Too Old, No Replies

Cannot Include .php files

rainborick

1:19 am on Dec 11, 2014 (gmt 0)

I moved a client's site to a new server today and ran into a problem with the server-side includes. The site uses code like:


<!--#include virtual="example.php" -->

to include the navigation menu and one other important file on some internal pages. While I made the include files .php, they're currently just plain HTML, so I changed the file's extension to .html and updated the "include" instruction to match, and it worked. PHP is running properly. I was able to fetch the original .php version of the included file in my browser, and tested a phpinfo() file. I even tried adding a Rewrite in the .htaccess file to substitute the .html file, but that failed, too.

So, includes are working, PHP is working, and there are no path issues. It seems to me that the server just won't allow including .php files, but I don't know how to fix it. I'd *really* like to avoid having to edit all of the files on this site, so any help would be appreciated.

penders

2:47 am on Dec 11, 2014 (gmt 0)

Are .php files themselves set to be parsed for SSIs? This has certainly messed things up for me in the past (which engine runs first: PHP or SSI - it feels a bit chicken/egg?). Although TBH there is never usually a "real" need to mix the two.

I'd *really* like to avoid having to edit all of the files on this site...

If you only have 2 such includes ("the navigation menu and one other important file") then it sounds like a fairly straight forward search/replace?

Haven't you already edited these files to use a ".php" extension?

not2easy

3:52 am on Dec 11, 2014 (gmt 0)

I have one directory that uses that kind of a thing in place of plain .php includes, but it is because it is a virtual directory and the content comes from a perl script. I just did it their way for that one case.

It is common to need a line in .htaccess like:

AddHandler application/x-httpd-php5 .html .htm

But I had one host, years ago where nothing would make it work.

rainborick

4:50 am on Dec 11, 2014 (gmt 0)

Thanks, guys, but I found the issue. I hadn't added +Includes to the .htaccess file. I didn't think I needed it since I was working on the same host and I could include .html files just fine. It was a last-ditch thing that turned out to be the solution.

penders

11:46 am on Dec 11, 2014 (gmt 0)

I hadn't added +Includes to the .htaccess file.

That does seem a bit odd, since SSIs should not work at all if the "Includes" option is not enabled. (?)

Just out of curiosity, if you issued the directive:

Options -Includes -IncludesNOEXEC

Do your plain .html includes still work?

lucy24

5:40 pm on Dec 11, 2014 (gmt 0)

:: detour to check docs ::

Oh, that makes sense. Although it doesn't say so explicitly, +Includes in a deeper directory probably overrides +IncludesNOEXEC in a higher directory. (I wouldn't be surprised if the same thing applied to the pair FollowSymLinks and SymLinksIfOwnerMatch. There may be one or two others.)

penders

12:36 am on Dec 12, 2014 (gmt 0)

Oh, that makes sense....

Ah, so it seems

IncludesNOEXEC

alone is enough to prevent .php files from being included (but still allow non-php files to be included)! I assume this is related to the blocking of the

#exec

element?

rainborick

4:40 am on Dec 12, 2014 (gmt 0)

I'm not a complete rookie when it comes to the inner workings of Apache, but I was stumped when I could include .html files but not .php files. And I felt pretty silly when +Includes worked and realized I'd never noticed it missing in the original installation.

I didn't try any variation of IncludesEXEC, although I was considering disabling it in the future when I ran across the command in the docs and thought it might just be good practice. The whole thing has made me resolve to construct a standard set of Options to add when I start working on a site.

lucy24

6:56 am on Dec 12, 2014 (gmt 0)

On the original question: Was there any way to tell whether the include wasn't happening at all, as opposed to the php within the include not executing? It may or may not have been possible to tell, depending on whether your php files had html content before the <php begins, and also depending on how your include-error message works. (If an included file has the .php extension, but actually contains nothing executable, would it still fall victim to NOEXEC?)

I don't know where they hide the EXEC documentation. But admittedly this may be because my brain tends to shut down in panic whenever it encounters the string "exe" in any form.

penders

10:44 am on Dec 12, 2014 (gmt 0)

FWIW, on my development server, if I only have the

IncludesNOEXEC

option set then "normal" .html files are included OK, but .php files fail with the message "[an error occurred while processing this directive]" (so the SSI is being processed) - this is regardless of whether the .php file actually contains any PHP or just plain text.

I didn't try any variation of IncludesEXEC ... The whole thing has made me resolve to construct a standard set of Options to add when I start working on a site.

Maybe

IncludesNOEXEC

is set in your server config? Options such as

Includes

and

IncludesNOEXEC

should only be set if required, so they shouldn't really be considered a "standard set" IMO.