為何大多數的 Joomla! PHP 檔案都以 defined(' JEXEC') 作為開頭...?

From Joomla! Documentation

This page is a translated version of the page Why do most of the Joomla! PHP files start with defined(' JEXEC')? and the translation is 56% complete.

Other languages:
العربية • ‎Deutsch • ‎English • ‎español • ‎français • ‎Nederlands • ‎中文(台灣)‎
Copyedit.png
This Article Needs Your Help

This article is tagged because it NEEDS REVIEW. You can help the Joomla! Documentation Wiki by contributing to it.
More pages that need help similar to this one are here. NOTE-If you feel the need is satistified, please remove this notice.


在 Joomla! 中幾乎所有的 PHP 檔案都是由以下宣告聲明開始的:

defined('_JEXEC') or die('Restricted access');

該聲明宣告會檢查該檔案是否從 Joomla! 內部取出的,並且會保護您的網站,來讓駭客更難以駭入您的網站。

它有兩個主要方面的幫助:

1) It prevents errors from running a PHP file that is expecting to be run inside the Jooma bootstrap and it prevents path disclosure vulnerabilities arising from the PHP fatal errors that are generated.

2) It prevents accidental injection of variables through a register globals attack that trick the PHP file into thinking it is inside the application when it really isn't.

Setting the error reporting down would have a similar effect, however there are configurations where changing PHP's INI settings aren't permitted. The JEXEC check works regardless of whether the configuration can be changed and has no other side effects (e.g. if you're debugging having every file reduce the error reporting would be annoying because you'd have to either set a debug flag to stop it or after each file is included reset error reporting, not fun!).

Note, this line should NOT be included in your main index.php file, since this is the program that starts the Joomla! session.