服务器端包含 (SSI) 注入问题

server side include (SSI) injection issue

我正在 html 网站上工作。我有超过 30 页的地方。所以我正在寻找一种解决方案,我必须在一个页面中使用菜单,然后在所有其他页面上调用该菜单,所以下次我必须进行一些更改时,我将只更改一个文件。

通过 google,我了解到我可以将我的文件扩展名从 html 转换为 php,然后使用 <?php include 'menu.php' ?>。但我不想在这里更改扩展名。

于是出现了另一种解决方案,即服务器端包含 (SSI)。

但这里似乎没有任何变化。 假设我的菜单 div 是:

<div class="menu">
    <div class="page-logo">
        <a href="dashboard.html">
            <img src="assets/img/logo.png" alt="logo"/>
        </a>
    </div>
</div>

所以我将菜单 Div 代码复制到单独的文件中并将其另存为 menu.html 然后像这样使用 SSI

<div class="menu">
    <!-- #include virtual="/menu.html" -->
</div>

但是徽标没有出现在我的页面上。我想知道这对其他人有何影响,因为据我所知 SSI 命令在评论标签 <!-- COMMENTS -->

任何想法,我在上面做错了什么或者我如何在所有页面上使用相同的菜单保持 html 扩展名?

我用过这个 smy .htaccess 文件

AddType text/html .shtml
AddHandler server-parsed .shtml
Options Indexes FollowSymLinks Includes
AddHandler server-parsed .html .htm

对于任何形式的服务器端编程,您需要将服务器配置为在您的文件中查找服务器端代码,而不是直接将其传递给客户端。

如何执行此操作取决于您使用的特定服务器。如果您使用的是 Apache HTTPD,那么您可以经常使用 .htaccess。这是 not recommended:

You should avoid using .htaccess files completely if you have access to httpd main server config file. Using .htaccess files slows down your Apache http server. Any directive that you can include in a .htaccess file is better set in a Directory block, as it will have the same effect with better performance.

经常发现服务器被配置为在 .php 文件中查找 PHP 并在 .shtml 文件中查找 SSI。

您可以将它们配置为查找其他类型的文件,如果尚未查找则开始查找。

具体操作方式取决于您使用的网络服务器。例如,对于 Apache,the manual has this guide for SSI

To permit SSI on your server, you must have the following directive either in your httpd.conf file, or in a .htaccess file:

Options +Includes

This tells Apache that you want to permit files to be parsed for SSI directives. Note that most configurations contain multiple Options directives that can override each other. You will probably need to apply the Options to the specific directory where you want SSI enabled in order to assure that it gets evaluated last.

Not just any file is parsed for SSI directives. You have to tell Apache which files should be parsed. There are two ways to do this. You can tell Apache to parse any file with a particular file extension, such as .shtml, with the following directives:

AddType text/html .shtml
AddOutputFilter INCLUDES .shtml

One disadvantage to this approach is that if you wanted to add SSI directives to an existing page, you would have to change the name of that page, and all links to that page, in order to give it a .shtml extension, so that those directives would be executed.

The other method is to use the XBitHack directive:

XBitHack on

XBitHack tells Apache to parse files for SSI directives if they have the execute bit set. So, to add SSI directives to an existing page, rather than having to change the file name, you would just need to make the file executable using chmod.

chmod +x pagename.html

A brief comment about what not to do. You'll occasionally see people recommending that you just tell Apache to parse all .html files for SSI, so that you don't have to mess with .shtml file names. These folks have perhaps not heard about XBitHack. The thing to keep in mind is that, by doing this, you're requiring that Apache read through every single file that it sends out to clients, even if they don't contain any SSI directives. This can slow things down quite a bit, and is not a good idea.

…和the PHP manual has this guide:

# Make all PHP code look like HTML
AddType application/x-httpd-php .htm .html

as far as I know The SSI command is in comments tag <!-- COMMENTS -->

SSI 语法旨在镜像 HTML 评论语法,因此如果服务器无法为 SSI 解析文件,则回退位置将静默失败而不是破坏页面的其余内容.

SSI 解析器不会将其视为注释。