The PHP Function get_included_files
The PHP function get_included_files helps developers find the absolute path to the included file that was called at the beginning of the currently running script. This is very useful when deploying a CMS or a complex PHP program, as it prevents the need to manually check each of the included files for errors.
It returns an indexed array of the names of all files that have been included into the current script using include(), include_once(), or require(). The name of the script that was originally called is considered to be an "included file," so it is listed together with all of the files referenced by these functions and their family members. Files that are included or required multiple times appear only once in the array. This function also includes any files that have been prepended using the auto_prepend_file configuration directive, even if they were not explicitly included using one of these functions.
While the function get_included_files is very useful, it does have a few flaws that could potentially be exploited by hackers to attack the system. For example, if magic_quotes_runtime is enabled, the quotes in the returned string will be escaped with backslashes. This could allow attackers to insert malicious code into the web page.
To avoid these issues, developers should use a combination of methods to validate the contents of a web application for security purposes. A good starting point is to use the dirname() function, which can return the absolute path to the parent directory of a given file. Comparing that directory with the web root will verify that the file is located within the web root of the server.
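
One way to carry out the check described above, as an added example that is not part of the original article: it canonicalizes each entry from get_included_files() with realpath(), takes its parent directory with dirname(), and reports every file that does not sit under an allowed root. The function name files_outside_root(), its parameters and the temporary directories in the demo are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example. files_outside_root() and $allowedRoot are hypothetical names.
// Returns the entries of $files whose parent directory is not under $allowedRoot.
function files_outside_root(array $files, string $allowedRoot): array
{
    $root = realpath($allowedRoot);
    if ($root === false) {
        throw new InvalidArgumentException("Root does not exist: $allowedRoot");
    }
    // Trailing separator so that "/var/www" does not also match "/var/www-old".
    $root = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;

    $outside = [];
    foreach ($files as $file) {
        // realpath() resolves symlinks and ".." segments. It returns false for
        // paths that are not on disk (e.g. phar://); those count as outside.
        $real = realpath($file);
        $dir = $real === false
            ? null
            : rtrim(dirname($real), DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
        if ($dir === null || strncmp($dir, $root, strlen($root)) !== 0) {
            $outside[] = $file;
        }
    }
    return $outside;
}

// Constructed demo: one include under a temporary root, and one in a sibling
// directory whose name merely starts with the same prefix.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'inc_root_' . getmypid();
$sibling = $root . '-old';
foreach ([$root, $sibling] as $d) {
    is_dir($d) || mkdir($d);
}
file_put_contents("$root/ok.php", '<?php // inside the root');
file_put_contents("$sibling/stray.php", '<?php // outside the root');
include "$root/ok.php";
include "$sibling/stray.php";

// The entry script is checked as well, because get_included_files() counts
// the originally called script as an included file.
print_r(files_outside_root(get_included_files(), $root));
```

In an application, the allowed root would be the deployment directory rather than a temporary one, and a non-empty result would be logged or treated as a failed integrity check.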