At 8:14 PM +0800 2/20/08, Eric Boo wrote:
> Hi all,
> I'm currently parsing the variable $_SERVER['PHP_SELF'] to get the
> base url of a site.
> Example:
> http://www.example.com/~eric/program/index.php?option=abc
> What I'm interested in getting is
> "http://www.example.com/~eric/program/", which I am able to get
> currently.
> Questions:
> 1) Are there security implications in using $_SERVER['PHP_SELF'], and
> if so, how do I mitigate it?

1a) Yes, it's insecure because it's an outside source. Never trust
the user for anything.
1b) Use hard coded absolute references OR check that what you receive
from $_SERVER['PHP_SELF'] is what you expect.
As to parsing it, look into basename() examples.
Cheers,
tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
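
One way to apply the advice in this reply, as an added example that is not code from the thread: the scheme and host are hard-coded, and $_SERVER['PHP_SELF'] is used only if it has the expected shape. `SITE_ORIGIN`, `base_url()` and the sample inputs are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumption: the site's own origin, hard-coded rather than read from the request.
const SITE_ORIGIN = 'http://www.example.com';

/**
 * Return the base URL for the running script, or null when PHP_SELF is not
 * what we expect. $server is normally $_SERVER; it is a parameter so the
 * function can be exercised with constructed input.
 */
function base_url(array $server): ?string
{
    $self = (string)($server['PHP_SELF'] ?? '');

    // Expected shape: plain path segments ending in a .php file, nothing after it.
    // PHP_SELF also carries any extra path the client appended after the script
    // name, so the pattern is anchored at both ends (D: no trailing newline).
    if (preg_match('#^(?:/[A-Za-z0-9._~-]+)*/[A-Za-z0-9._-]+\.php$#D', $self) !== 1) {
        return null;
    }
    // Reject parent-directory segments even though the characters are allowed.
    if (strpos($self, '..') !== false) {
        return null;
    }

    // Keep everything up to and including the last slash.
    $dir = substr($self, 0, strrpos($self, '/') + 1);
    return SITE_ORIGIN . $dir;
}

// Constructed sample inputs, not taken from a real request.
$expected   = ['PHP_SELF' => '/~eric/program/index.php'];
$unexpected = ['PHP_SELF' => '/~eric/program/index.php/extra "text"'];

foreach ([$expected, $unexpected] as $server) {
    $base = base_url($server);
    if ($base === null) {
        echo "rejected: unexpected PHP_SELF\n";
        continue;
    }
    // Escape on output as well, so the value is safe inside HTML attributes.
    echo htmlspecialchars($base, ENT_QUOTES, 'UTF-8'), "\n";
}
```

The first sample yields `http://www.example.com/~eric/program/`; the second is rejected because of the text appended after the script name.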