[nycphp-talk] Re: PHP_SELF problems
Dan Cech
dcech at phpwerx.net
Fri Dec 29 14:00:10 EST 2006
Daniel Convissor wrote:
> On Fri, Dec 29, 2006 at 11:13:00AM -0500, Dan Cech wrote:
>> I'm not 100% sure what the solution to this problem is. Right now the
>> only thing I can think of is to try and figure out the common part of
>> PHP_SELF and SCRIPT_NAME, so as to drop both the extra filesystem info
>> and any url garbage, but that seems pretty fragile to me.
>
> I always use the __FILE__ constant. Can't be touched by user input. The
> basename() and dirname() are handy to use along with it.
Yes, If you want the full filename (including filesystem path) __FILE__
is indispensable, and basename(__FILE__) is the best way to get the name
of the currently running script.
The problem comes when you're attempting to construct the correct
absolute URL for a given file. When running php as a cgi there doesn't
seem to be a method of achieving this securely, as in this setup
$_SERVER['SCRIPT_NAME'] will contain the php interpreter, like '/php-cgi'.
Bottom line is that if your script will be run under php-cgi you must
not use SCRIPT_NAME, so we're back to square one.
Dan
More information about the talk
mailing list