At 8:14 PM +0800 2/20/08, Eric Boo wrote:
Hi all,

I'm currently parsing the variable $_SERVER['PHP_SELF'] to get the base url of a site. Example:

http://www.example.com/~eric/program/index.php?option=abc

What I'm interested in getting is "http://www.example.com/~eric/program/", which I am able to get currently.

Questions:

1) Are there security implications in using $_SERVER['PHP_SELF'], and if so, how do I mitigate it?
1a) Yes, it's insecure because it's an outside source. Never trust the user for anything.

1b) Use hard coded absolute references OR check that what you receive from $_SERVER['PHP_SELF'] is what you expect.
As to parsing it, look into basename() examples.

Cheers,

tedd

--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
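
One way to combine both suggestions from the reply above (a hard-coded reference plus a check that `$_SERVER['PHP_SELF']` is what you expect), as an added example that is not code from the thread. `PHP_SELF` can carry extra path text that the client appended after the script name, so the check rejects anything following the `.php` file. The `CONFIGURED_ORIGIN` constant, the accepted path pattern and the `base_url()` function name are assumptions, and the sample inputs are constructed.

```php
<?php
// Added example; names and pattern are assumptions, not from the thread.

// Hard-coded origin: scheme and host are never taken from the request.
const CONFIGURED_ORIGIN = 'http://www.example.com';

/**
 * Return the base URL (origin + directory of the running script),
 * or throw if PHP_SELF is not in the expected form.
 */
function base_url(array $server): string
{
    $self = $server['PHP_SELF'] ?? '';

    // Expected form: zero or more plain directory segments (letters, digits,
    // "_", "~", "-"; no dots, so ".." and "index.php/" cannot be a directory),
    // then exactly one *.php file name, then end of string.
    // The D modifier stops "$" from matching before a trailing newline.
    $pattern = '#^((?:/[A-Za-z0-9_~-]+)*)/[A-Za-z0-9_-]+\.php$#D';

    if (!preg_match($pattern, $self, $m)) {
        throw new UnexpectedValueException('PHP_SELF is not in the expected form');
    }

    return CONFIGURED_ORIGIN . $m[1] . '/';
}

// Constructed sample inputs: one normal request, one with text appended
// after the script name.
$samples = [
    ['PHP_SELF' => '/~eric/program/index.php'],
    ['PHP_SELF' => '/~eric/program/index.php/"><i>extra'],
];

foreach ($samples as $server) {
    try {
        $url = base_url($server);
        // Escape at the point of output even though the value was validated.
        echo '<a href="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '">home</a>', PHP_EOL;
    } catch (UnexpectedValueException $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```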