Incorrect $_SERVER['PATH_INFO']

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
Jonah Bron
DevNet Master
Posts: 2764
Joined: Thu Mar 15, 2007 6:28 pm
Location: Redding, California

Incorrect $_SERVER['PATH_INFO']

Post by Jonah Bron »

I've been testing my app on my localhost. The app is located at /foo/bar/bar.php. It relies on $_SERVER['PATH_INFO'] to get further information from the url. It works, but when I uploaded the app to a remote server, the value of PATH_INFO is incorrect. Instead of giving me everything after the file name and before the query (as stated in the manual), it gives everything after the domain (/foo/bar/bar.php). Is this a setting I can change? What could cause this?
User avatar
flying_circus
Forum Regular
Posts: 732
Joined: Wed Mar 05, 2008 10:23 pm
Location: Sunriver, OR

Re: Incorrect $_SERVER['PATH_INFO']

Post by flying_circus »

I was just reading something about this in Ilia's book last night, Guide to PHP Security, if you've got it handy, it should be around page 67 or so.

is there a reason you can't use basename(__FILE__)?

$_SERVER['PATH_INFO'] doesnt seem to register on either of my servers. Anyways, I think Ilia had suggested conditioning the value before use, something like:

Code: Select all

<?php
  print substr($_SERVER['PATH_INFO'], strpos($_SERVER['PATH_INFO'], basename(__FILE__)));
?>

Edit: I quoted above out of context. The reason for conditioning PHP_SELF, PATH_INFO, and PATH_TRANSLATED was to mitigate Cross Site Scripting
User avatar
Jonah Bron
DevNet Master
Posts: 2764
Joined: Thu Mar 15, 2007 6:28 pm
Location: Redding, California

Re: Incorrect $_SERVER['PATH_INFO']

Post by Jonah Bron »

Well, PATH_INFO gives everything after the file name and before the query. So not quite the same thing as basename(__FILE__). I'm using Skeleton Framework, and it turns out it can work around PATH_INFO being missing. The problem was that is was falsely reading from it when it was empty. To fix it, I just did unset($_SERVER['PATH_INFO']);, and it worked. Turns out my localhost doesn't have it either. I would like to know why it's not reliable.

Oh, and sorry, I don't have that book :(
Post Reply