$_SERVER['PHP_SELF'] alternative...

    Date: 12/19/05 (PHP Community)    Keywords: php, html, security

    This forum post got me thinking more about security. (Yes, that is me with a similar question there.)

    http://forum.hardened-php.net/viewtopic.php?id=20

    Trying the methods in this blog post got me thinking and looking for an alternative.

    http://blog.phpdoc.info/archives/13-XSS-Woes.html

    So I started thinking of a safer way to accomplish the same thing. I was looking at the manual at http://php.net/ and came across $_SERVER['SCRIPT_FILENAME'] and did a little playing with it. I did a simple echo statement, and it returned the path for the script and nothing else, even using injection methods. Is this a good substitute for PHP_SELF? Anyone know any security issues with this superglobal? I have several scripts that use PHP_SELF, and would like a safe alternative.

    *edit*
    I just noticed I accidentally made this a friends-only post, so I removed that.

    Source: http://www.livejournal.com/community/php/380992.html
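
For the question in the post above, an added example (not part of the original post) that puts a raw `PHP_SELF` form action beside an escaped `SCRIPT_NAME` one and shows why `SCRIPT_FILENAME` is not a drop-in substitute: it is a filesystem path, not a URL. The function names and the sample `$_SERVER` values are constructed for illustration; PHP 7 or later is assumed.

```php
<?php
// Added example, not code from the original post.

/**
 * Form action built from SCRIPT_NAME: the URL path of the running script,
 * without the extra path info that PHP_SELF carries after the script name.
 * The value is still escaped before it goes into an HTML attribute.
 */
function safe_form_action(array $server): string
{
    $path = $server['SCRIPT_NAME'] ?? '';
    return htmlspecialchars($path, ENT_QUOTES, 'UTF-8');
}

/**
 * For scripts that rely on the path info part of PHP_SELF:
 * keep PHP_SELF, but never print it without escaping.
 */
function escaped_php_self(array $server): string
{
    return htmlspecialchars($server['PHP_SELF'] ?? '', ENT_QUOTES, 'UTF-8');
}

// Constructed values, as PHP would fill them for a request to
// /contact.php/"><b>injected</b>
$server = [
    'PHP_SELF'        => '/contact.php/"><b>injected</b>',
    'SCRIPT_NAME'     => '/contact.php',
    'SCRIPT_FILENAME' => '/var/www/html/contact.php',
];

// Before: request-controlled text lands in the markup unescaped.
$before = '<form action="' . $server['PHP_SELF'] . '" method="post">';

// After: fixed script path, escaped.
$after = '<form action="' . safe_form_action($server) . '" method="post">';

// Escaped PHP_SELF keeps the path info but renders it inert.
$kept = '<form action="' . escaped_php_self($server) . '" method="post">';

echo $before, "\n", $after, "\n", $kept, "\n";

// SCRIPT_FILENAME is where the file lives on disk. Used as a form action
// it points at the wrong URL and discloses the server's directory layout.
echo 'SCRIPT_FILENAME: ', $server['SCRIPT_FILENAME'], "\n";
```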
