Recipe 5.1 Showing Highlighted PHP Source Without Symlinking

Problem

You want to be able to see the syntax-enhanced source to your PHP scripts without having to set up symbolic links for all of them.

Solution

Add a line such as the following to your httpd.conf file:

RewriteRule "^(.*\.php)s$" "/cgi-bin/show.php?file=$1" [PT,L]

Create a file named show.php as shown below, and put it in your server's /cgi-bin/ directory:

<?php /*  * Show the highlighted source of a PHP script without a symlink or copy.  */ if ((! isset($_GET))     || (! isset($_GET['file']))     || (! ($file = $_GET['file']))) {     /*      * Missing required arguments, so bail.      */     return status('400 Bad Request',                   "Data insufficient or invalid.\r\n"); } $file = preg_replace('/\.phps$/', '.php', $file); if (! preg_match('/\.php$/', $file)) {     return status('403 Forbidden',                   "Invalid document.\r\n"); } $docroot = $_SERVER['DOCUMENT_ROOT']; if ((! preg_match(";^$docroot;", $file))     || (! preg_match(";^/home/[^/]+/public_html;", $file))) {     return status('403 Forbidden',                   "Invalid document requested.\r\n"); } Header('Content-type: text/html; charset=iso-8859-1'); print highlight_file($file); return; function status($msg, $text) {     Header("Status: $msg");     Header('Content-type: text/plain; charset=iso-8859-1');     Header('Content-length: ' . strlen($text));     print $text; } ?>

Discussion

The script in the solution uses a built-in PHP function to display the script's source in highlighted form. The preg_match against $docroot verifies the requested file is under the server's DocumentRoot. The next preg_match also permits files in users' public_html directories.

See Also

• Recipe 2.5