View-source script ('source.php') Will display the source code to any valid URL on a website (except directories listed in $protected)
@authour Scott Hurring [scott at hurring dot com]
@license Free; if you give me credit and retain the @authour line in the script
Allows you to show website visitors the source to nearly any file on your server inside the DOCUMENT_ROOT (of course, you can specify directory names that the script cannot access)
It will not allow you to view source code located on other servers.
If "http://server.com/show/this.php" is the URL you want to view, and "source.php" is located at "http://server.com/source.php", this is how you'd view "this.php" "http://server.com/source.php?url=/show/this.php"
Paramaters: $url (string) The URL of the file you want to view. You must set $DOC_ROOT properly so this script can translate the URL into an actual path on the server $type (string) Either 'color' or 'plain', default='color' 'color' will display the file using php's hilight_file() 'plain' will display the file with no formatting
A simple PHP script that will show the source code to any valid URL on the same server that your website is running on.
You may hide certain directories from the user via the use of the $protected array (see code). The script also has two methods of output: colorized (using hilite_file()) or plain-text.
The script takes in the URL ($url), strips out all non-alphanums, all double dots (..), will pre-pend the $DOC_ROOT of your webserver, then resolve that (using realpath()) into a directory on the server. It will then verify that the resulting directory is NOT in the $protected array, and that the file actually exists on disk.
Then, if all the security and validity checks are passed, it will either display the file as colorized source (using hilight_file()) or as plaintext (if it detects MSIE, it will print out a message saying that MSIE ignores Content-type: ... headers)
This script is almost identical to the one i use on Hurring.com, except that i removed hooks to my custom PHP classes, and replaced them with PHP builtins, so that this script can be used anywhere.