PHP_SELF contains PATH_INFO on server A but not server B

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
User avatar
Luke
The Ninja Space Mod
Posts: 6424
Joined: Fri Aug 05, 2005 1:53 pm
Location: Paradise, CA

PHP_SELF contains PATH_INFO on server A but not server B

Post by Luke »

On my laptop I have PHP Version 5.2.1. When I put in a url such as http://www.example.com/index.php/malicious-xxs-attack on this server, PHP_SELF looks like this:

/index.php/malicious-xss-attack

On another server, I've got PHP Version 4.4.7. When I enter the same url, PHP_SELF looks like this:

/index.php

Is there some sort of setting that causes this? I'm pretty sure I've been told why before, but I don't remember and searching has turned up nothing.
User avatar
superdezign
DevNet Master
Posts: 4135
Joined: Sat Jan 20, 2007 11:06 pm

Post by superdezign »

All I know is that PHP_SELF doesn't exactly correspond with REQUEST_URI all the time. I also think that CGI PHP environments are the cause of that.

Any chance that that's the case?
User avatar
Luke
The Ninja Space Mod
Posts: 6424
Joined: Fri Aug 05, 2005 1:53 pm
Location: Paradise, CA

Post by Luke »

I know that on my apache installation it's set up as a module. I'm not sure about the host I'm using. I'll have to check into that.
User avatar
superdezign
DevNet Master
Posts: 4135
Joined: Sat Jan 20, 2007 11:06 pm

Re: PHP_SELF contains PATH_INFO on server A but not server B

Post by superdezign »

The Ninja Space Goat wrote:On my laptop I have PHP Version 5.2.1.
[...]
On another server, I've got PHP Version 4.4.7..
I just noticed that. Ack.

Does that mean you have to dumb down your scripts to put them online?
User avatar
Luke
The Ninja Space Mod
Posts: 6424
Joined: Fri Aug 05, 2005 1:53 pm
Location: Paradise, CA

Post by Luke »

No, my host will switch us to PHP 5 if we ask him to, but for this particular site there hasn't been a big need yet.
User avatar
maliskoleather
Forum Contributor
Posts: 155
Joined: Tue May 15, 2007 2:19 am
Contact:

Re: PHP_SELF contains PATH_INFO on server A but not server B

Post by maliskoleather »

The Ninja Space Goat wrote:On my laptop I have PHP Version 5.2.1. When I put in a url such as http://www.example.com/index.php/malicious-xxs-attack on this server, PHP_SELF looks like this:

/index.php/malicious-xss-attack

On another server, I've got PHP Version 4.4.7. When I enter the same url, PHP_SELF looks like this:

/index.php

Is there some sort of setting that causes this? I'm pretty sure I've been told why before, but I don't remember and searching has turned up nothing.
your second server is probably running as CLI.
since version 4.3, if running as CLI, PHP_SELF contains the filename, anything earlier it comes up empty.
running as the apache module, it should contain the full page path.

you may wanna look around the $_SERVER['argv'] variable... if i remember right, that contains what you want when used in CLI.
Post Reply