Posted by amygdala on 08/11/06 15:48
"amygdala" <noreply@noreply.com> wrote in message
news:44dca2d3$0$2014$9a622dc7@news.kpnplanet.nl...
> Hi,
>
> I read something about PHP_SELF possibly issuing security flaws, since
> requesting...
>
> http://www.mydomain.com/thescript.php/bogus
>
> ...would output '/thescript.php/bogus' if PHP_SELF is issued in
> thescript.php
>
> Can't seem to find the article anymore though.
>
> What would be a good workaround for this?
>
> __FILE__ isn't an option here cause I would like to issue PHP_SELF / your
> suggestion in a class that is included in thescript.php
>
> Is there no native PHP variable that returns the pure filename (no path,
> no querystring, no trailing user input, etc.) ?
>
> Thanks a bunch.
>
I think I found it already:
$_SERVER[ 'SCRIPT_NAME' ]
Seems to work.
Still, if somebody cares to elaborate on the subject: I'm curious what kind
of security issues could show up when using these kinds of variables. Is
$_SERVER[ 'SCRIPT_NAME' ] secure? Much appreciated.
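
Added example, not part of the original post: the difference between PHP_SELF and SCRIPT_NAME when the request carries trailing path input, and output escaping for both. The $server array is constructed to mirror what a typical Apache/mod_php setup would populate for a request like the /thescript.php/bogus URL above (an assumption; the helper names attr and script_filename are hypothetical).

```php
<?php
// Constructed sample values (not captured from a real server): a request
// to /thescript.php followed by user-supplied trailing path input.
$server = [
    'SCRIPT_NAME' => '/thescript.php',
    'PATH_INFO'   => '/bogus"><b>x</b>',
    'PHP_SELF'    => '/thescript.php/bogus"><b>x</b>',
];

// Escape a value before placing it inside an HTML attribute.
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Pure filename: no directory, no query string, no trailing path input.
// Usable from an included class, unlike __FILE__, because it describes
// the requested script rather than the file the code lives in.
function script_filename(array $server): string
{
    return basename($server['SCRIPT_NAME']);
}

// Before: PHP_SELF echoed raw. The trailing input closes the attribute
// and injects markup into the page.
$unsafe = '<form action="' . $server['PHP_SELF'] . '">';

// After: SCRIPT_NAME does not include the trailing input; it is still
// escaped on output as a matter of habit.
$safe = '<form action="' . attr($server['SCRIPT_NAME']) . '">';

// PHP_SELF is inert once escaped, but still carries the bogus path.
$escaped = '<form action="' . attr($server['PHP_SELF']) . '">';

echo $unsafe, "\n";
echo $safe, "\n";
echo $escaped, "\n";
echo script_filename($server), "\n";
```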