[nycphp-talk] $_SERVER['PHP_SELF'} not working?
Aaron Fischer
agfische at email.smith.edu
Thu Jul 21 11:27:05 EDT 2005
On Jul 21, 2005, at 11:11 AM, George Schlossnagle wrote:
>
> On Jul 21, 2005, at 11:04 AM, Aaron Fischer wrote:
>
>> I've been following this topic with interest. Can someone clarify what
>> the IFS is? Internet File System is my speculative guess...
>
> Input Field Separator. In this case the token that separates the
> path which maps to a file on disk and the query string parameters.
> 'Normally' you do
>
> http://example.com/index.php?foo=bar
>
> Apache allows the following as an equivalent expression:
>
> http://example.com/index.php/foo=bar
>
> George
>
>
I see, thanks. So the gist of it is that in PHP 5 the user can still
pass bad stuff to PHP_SELF through the query string if they use the /
token.
I'm interested in learning more about security stuff and
filtering/cleansing user data. Checking out Tim's link...
-Aaron
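
Added example, not part of the original message or thread: a sketch of why PHP_SELF needs filtering when a request carries trailing path data, as in the /index.php/foo=bar form quoted above. The $server array holds constructed sample values, and attr() and self_action() are hypothetical helper names.

```php
<?php
// Constructed sample: the values Apache/PHP would typically populate for a
// request whose URL carries extra path data after the script name.
$server = [
    'SCRIPT_NAME' => '/index.php',
    'PATH_INFO'   => '/"><i>x</i>',
    'PHP_SELF'    => '/index.php/"><i>x</i>',  // SCRIPT_NAME . PATH_INFO
];

/** Hypothetical helper: escape a value for use inside an HTML attribute. */
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Hypothetical helper: form action without the client-supplied path tail. */
function self_action(array $server): string
{
    // SCRIPT_NAME stops at the script itself; it is still escaped on output.
    return attr($server['SCRIPT_NAME'] ?? '');
}

// Unfiltered: the trailing path closes the attribute and adds markup.
$unfiltered = '<form action="' . $server['PHP_SELF'] . '">';

// Escaped: the same value is rendered as inert attribute text.
$escaped = '<form action="' . attr($server['PHP_SELF']) . '">';

// Preferred: drop the client-controlled tail and escape what remains.
$preferred = '<form action="' . self_action($server) . '">';

echo $unfiltered, "\n", $escaped, "\n", $preferred, "\n";
```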