Incorrect $_SERVER['PATH_INFO']
Moderator: General Moderators
- Jonah Bron
- DevNet Master
- Posts: 2764
- Joined: Thu Mar 15, 2007 6:28 pm
- Location: Redding, California
Incorrect $_SERVER['PATH_INFO']
I've been testing my app on my localhost. The app is located at /foo/bar/bar.php. It relies on $_SERVER['PATH_INFO'] to get further information from the url. It works, but when I uploaded the app to a remote server, the value of PATH_INFO is incorrect. Instead of giving me everything after the file name and before the query (as stated in the manual), it gives everything after the domain (/foo/bar/bar.php). Is this a setting I can change? What could cause this?
- flying_circus
- Forum Regular
- Posts: 732
- Joined: Wed Mar 05, 2008 10:23 pm
- Location: Sunriver, OR
Re: Incorrect $_SERVER['PATH_INFO']
I was just reading something about this in Ilia's book last night, Guide to PHP Security, if you've got it handy, it should be around page 67 or so.
is there a reason you can't use basename(__FILE__)?
$_SERVER['PATH_INFO'] doesnt seem to register on either of my servers. Anyways, I think Ilia had suggested conditioning the value before use, something like:
Edit: I quoted above out of context. The reason for conditioning PHP_SELF, PATH_INFO, and PATH_TRANSLATED was to mitigate Cross Site Scripting
is there a reason you can't use basename(__FILE__)?
$_SERVER['PATH_INFO'] doesnt seem to register on either of my servers. Anyways, I think Ilia had suggested conditioning the value before use, something like:
Code: Select all
<?php
print substr($_SERVER['PATH_INFO'], strpos($_SERVER['PATH_INFO'], basename(__FILE__)));
?>Edit: I quoted above out of context. The reason for conditioning PHP_SELF, PATH_INFO, and PATH_TRANSLATED was to mitigate Cross Site Scripting
- Jonah Bron
- DevNet Master
- Posts: 2764
- Joined: Thu Mar 15, 2007 6:28 pm
- Location: Redding, California
Re: Incorrect $_SERVER['PATH_INFO']
Well, PATH_INFO gives everything after the file name and before the query. So not quite the same thing as basename(__FILE__). I'm using Skeleton Framework, and it turns out it can work around PATH_INFO being missing. The problem was that is was falsely reading from it when it was empty. To fix it, I just did unset($_SERVER['PATH_INFO']);, and it worked. Turns out my localhost doesn't have it either. I would like to know why it's not reliable.
Oh, and sorry, I don't have that book
Oh, and sorry, I don't have that book