[nycphp-talk] Re: PHP_SELF problems
Hans Zaunere
lists at zaunere.com
Mon Jan 1 12:40:08 EST 2007
Dan Cech wrote on Monday, January 01, 2007 10:39 AM:
> Jürgen Wind wrote:
> > > I have not really followed this discussion, but when i see
> > > something like this: "$_SERVER['SCRIPT_NAME'] will contain the
> > > full _filesystem_ path,
> > > which is not what we're after."
> > >
> > > Can you just do a 1 line regex and pull out what you need? And
> > > you are all set. :-) ed
> >
> > no need for regex here, a simple basename($_SERVER['SCRIPT_NAME'])
> > will do Happy New Year!
This is akin to what I do.
> As I outlined earlier in this thread, this will _not_ work if php is
> running as a cgi, you'll get 'php4-cgi' instead of 'myfilename.php'
> unless you have cgi.fix_pathinfo set to 1 (default is 0).
I think there's two important sides to this discussion.
In the larger more complex applications, it's vital that paths/URLs be
dynamically generated and understood. Like most complex applications, there
are some environmental constraints - one of which is a properly configured
PHP running as an Apache DSO. Thus I use a combination of SCRIPT_NAME and
other URL/filesystem variables to determine how to write out and read in
URLS/paths/etc.
For simpler application, you're likely running in an environment that isn't
always known, or that can change - ie, shared hosting with a prepackaged CMS
system of some sort. In such cases, maybe it is possible to always use
hardwired filenames, etc.. I know that's what I did for my first
application :)
In a similar context, there's and always exciting flame war on NYLUG
regarding PHP security:
http://www.nylug.org/pipermail/nylug-talk/2006-December/thread.html
And search for PHP Security.
They're also looking to deploy Joomla for their next release of
www.nylug.org
Happy New Year everyone - to a good 2007!
---
Hans Zaunere / President / New York PHP
www.nyphp.org / www.nyphp.com
More information about the talk
mailing list