FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » Good code or bad code?
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: Good code or bad code? [message #170196 is a reply to message #170193] Sun, 17 October 2010 18:18 Go to previous messageGo to previous message
Magno is currently offline  Magno
Messages: 49
Registered: October 2010
Karma:
Member
On 10/17/2010 02:09 PM, Thomas 'PointedEars' Lahn wrote:
> Bullshit/FUD. $_SERVER['REQUEST_URI'] yields the HTTP request URI, e.g.
>
> http://foo.example/bar?baz
>
> for an HTTP request containing the headers
>
> GET /bar?baz HTTP/1.1
> Host: foo.example

No. It shows the URI relative to the domain root. not including the
domain name.

> [...]
>
> Use $_SERVER['SCRIPT_NAME'], since $_SERVER['PHP_SELF'] can be misused for
> code injection:
>
> <http://en.wikipedia.org/wiki/Cross-site_scripting>

That is not true.
If you think it is true, give us an example of abusing it for code
injection.

> RTFM and call phpinfo() for details on $_SERVER.

What the OP should read is.-

http://php.net/manual/en/reserved.variables.server.php
and do a print_r($_SERVER);
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: buffering to allow headers in code?
Next Topic: Stats comp.lang.php (last 7 days)
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Wed Nov 27 07:31:23 GMT 2024

Total time taken to generate the page: 0.04198 seconds