I have not had a reason to address this issue but now I do:
is it possible to read a php code file from a remote server by
require(<absolute url to remote php code file>)
will this need ftp user or server user permissions?
And if so, is it possible to reproduce the code in a readable document?
I am concerned about access to code that otherwise would not be readable
because the code file does not have any instruction to print of echo anything.
For instance I could use a browser to request "someSite.com/somePHPcode.php
and somePHPcode.php will not reveal anything unless it contains a
call to hiliteFile of hiliteSting or code file global scope call to print or echo.
but if a reference to a code file is revealed in a error resulting from a call to
include or require then is it possible to retrieve the hidden code from a
remote location with the above script>>>> or call to hiliteFile for that matter
I dug through my copy of the php manual to find the correct function call: hightlight_file()
I also set up a test from a local dev server but I do not have static ip addresses so I don't know if this
really worked. The test code calls the various functions from the local browser via local server and errors
are returned to the effect of not being able to find a suitable wrapper. I am using a file that exists on my own site
to see if I can hack it and read the code. The php error log on my site has numerous errors listed from altered url requests
that appear to be intended to produce error messages. Thus I am concerned about remote knowledge of code file names
that might be accessed directly to read the code by unauthorized entities.