
PHP has a feature that lets you prepend a file to every PHP request. The prepended file is the equivalent of having it include()ed at the top of every single PHP script on your site. This is done through a directive, set either in php.ini or .htaccess, called auto_prepend_file. It’s also evil if you don’t know about its existence.

In a .htaccess file, you can use this directive to define a specific file that will be auto-prepended, in a directory:

php_value auto_prepend_file "/htaccess_bom_and_php_auto_prepend_adventures/prepend.html"

You can also use this directive to deactivate auto-prepending in a directory or root:

php_value auto_prepend_file none

Note: Use the special value “none”, as explained in the documentation of auto_prepend_file:

The special value none disables auto-prepending.

Note: You can set php_values in .htaccess only where PHP is run as an Apache module.
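To find where the directive is set on a site, the following added example (not part of the original post) walks a directory tree and reports every auto_prepend_file setting it finds, marking lines that use the special value none as disabled. The function names are hypothetical, and .user.ini is included on the assumption that PHP may also run as CGI/FastCGI, where php_value lines in .htaccess do not apply.

```php
<?php
// Added example: list every auto_prepend_file setting under a directory tree.
// Assumption: per-directory settings live in .htaccess, php.ini or .user.ini.

/** Return the auto_prepend_file value set on one config line, or null. */
function prepend_value_from_line(string $line, bool $isHtaccess): ?string
{
    $pattern = $isHtaccess
        ? '/^\s*php_(?:admin_)?value\s+auto_prepend_file\s+(.+?)\s*$/i'
        : '/^\s*auto_prepend_file\s*=\s*(.*?)\s*$/i';
    if (!preg_match($pattern, $line, $m)) {
        return null; // commented-out lines (# or ;) fail the anchored match
    }
    return trim($m[1], "\"'");
}

/** Scan $root and return file, line, value and active flag for each setting. */
function find_auto_prepend_settings(string $root): array
{
    $names = ['.htaccess', 'php.ini', '.user.ini'];
    $found = [];
    $rit = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS),
        RecursiveIteratorIterator::LEAVES_ONLY,
        RecursiveIteratorIterator::CATCH_GET_CHILD // skip unreadable folders
    );
    foreach ($rit as $file) {
        if (!$file->isFile() || !in_array($file->getFilename(), $names, true)) {
            continue;
        }
        $isHtaccess = $file->getFilename() === '.htaccess';
        $lines = file($file->getPathname(), FILE_IGNORE_NEW_LINES) ?: [];
        foreach ($lines as $i => $line) {
            $value = prepend_value_from_line($line, $isHtaccess);
            if ($value === null) {
                continue;
            }
            // "none" (or an empty value) disables auto-prepending
            $active = $value !== '' && strcasecmp($value, 'none') !== 0;
            $found[] = ['file' => $file->getPathname(), 'line' => $i + 1,
                        'value' => $value, 'active' => $active];
        }
    }
    return $found;
}

foreach (find_auto_prepend_settings(getcwd()) as $hit) {
    printf("%s:%d  auto_prepend_file = %s  [%s]\n", $hit['file'], $hit['line'],
        $hit['value'] === '' ? '(empty)' : $hit['value'],
        $hit['active'] ? 'ACTIVE' : 'disabled');
}
// Value in effect for this request; an empty string means nothing is prepended.
printf("effective for this script: '%s'\n", ini_get('auto_prepend_file'));
```

Run it from the site root; any ACTIVE line that nobody on the team recognises is the file to inspect first.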

When I first encountered this issue, I blamed my text editor for byte order marks (BOM). So, I found a neat script that searches for BOM files inside your root and recursively throughout the folders:

<?php
error_reporting(E_ALL);
// Detect BOM sequence in a folder recursively
define('STR_BOM', "\xEF\xBB\xBF");
$file = null;
$directory = getcwd();

$rit = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($directory), RecursiveIteratorIterator::CHILD_FIRST);
try {
    foreach ($rit as $file) {
        // Files shorter than the 3-byte BOM cannot contain it; skipping them
        // also avoids reading a line from an empty file
        if ($file->isFile() && $file->getSize() >= strlen(STR_BOM)) {
            // getExtension() returns '' for files without an extension,
            // so no undefined-index notice is raised under E_ALL
            if ('php' == $file->getExtension()) {
                $object = new SplFileObject($file->getRealPath());

                // A BOM sits at the very start of the file, so check offset 0
                if (0 === strpos($object->getCurrentLine(), STR_BOM)) {
                    print $file->getRealPath()."\n";
                }
            }
        }
    }

} catch (Exception $e) {
    die ('Exception caught: '. $e->getMessage());
}
?>

This piece of code is going into my upcoming plugin, WP Perfect Plugin. Heh, that’s a spoiler!
