|
Posted by Sebastian Lisken on 09/29/73 12:01
Dan Gelder <daniel.w.gelder@gmail.com> wrote:
> no, that just turns
> /home/.machine/user/site.com/work/january/phpstuff/includer.php
> into
> /home/.machine/user/site.com/work/january/phpstuff/
>
> and you can read my post to understand why that brings me no closer
> than before.
>
> What I need to know, I guess, is a way to get the official root folder
> so I have
> /home/.machine/user/site.com/
>
> And then I can match the strings?? Can't say how to solve it yet.
Wouldn't $_SERVER["SCRIPT_NAME"] do what you are looking for? Don't use
$_SERVER["PHP_SELF"] because that can contain so-called "additional path
information" that users could be adding to the script's URL in some
circumstances (/january/phpstuff/includer.php/extra/stuff) and which,
incidentally, makes $_SERVER["PHP_SELF"] a value that should not be
trusted. Mind you, perhaps it's better to regard all of $SERVER as
untrusted just to err on the side of caution.
Sebastian Lisken
[Back to original message]
|