On Tue, Sep 16, 2008 at 3:09 AM, ANR Daemon <anrdaemon@xxxxxxxxxxx> wrote:
> Greetings, Jochem Maas.
> In reply to Your message dated Tuesday, September 16, 2008, 3:38:44,
>
> > ANR Daemon schreef:
> >> Greetings, Jochem Maas.
> >> In reply to Your message dated Friday, September 12, 2008, 17:05:58,
>
> > I like my 'schreef' better.
>
> Why you talking to my template? It has strict order to not speak with
> unknown
> people.
>
> >>>> actually $_SERVER[script_name] is probably better if not being used
> from
> >>>> a webserver.
> >>>>
> >>
> >>> you didn't mention wanting to use the cmdline.
> >>> untested code follows:
> >>
> >>> <?php
> >>
> >>> function indirectCall($s)
> >>> {
> >>> if (php_sapi_name() == 'cli') {
> >>> return strstr($s, $argv[0]) !== false;
> >>> } else {
> >>> return strstr($s, $_SERVER["REQUEST_URI"]) !== false;
> >>> }
> >>> }
> >>
> >>
> >> Actually, it must be (Windows-proof):
> >>
>
> > a, why must it be windows proof, nobody asked for that?
>
> It must work similarly on every platform it can be executed.
>
> > b, does this take into account that $_SERVER['SCRIPT_FILENAME'] is not
> available of some versions of IIS?
>
> I was unaware of this issue. Is it PHP-specific?
>
> > c, you'd think __FILE__ and $_SERVER['SCRIPT_FILENAME'] used consistent
> slashes on a given system, no? (I doubt
> > you need to do the funky translation.
>
> Apache/W32 2.2, PHP/W32 5.2.6
> __FILE__ has backspashes, $_SERVER['SCRIPT_FILENAME'] has forward slashes.
>
> > d, there is no account take for symlinks, if you really want to be
> pedantic:
>
> > realpath(__FILE__) != realpath(getenv('PATH_TRANSLATED'))
>
> RTFM anyone?
>
> cgi.fix_pathinfo boolean
> Provides real PATH_INFO/PATH_TRANSLATED support for CGI. PHP's previous
> behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok
> what
> PATH_INFO is. For more information on PATH_INFO, see the cgi specs. Setting
> this to 1 will cause PHP CGI to fix it's paths to conform to the spec. A
> setting of zero causes PHP to behave as before. Default is zero. You should
> fix your scripts to use SCRIPT_FILENAME rather than PATH_TRANSLATED.
>
> PATH_TRANSLATED isn't available under apache2 (and 2.2) SAPI. But in
> contrast
> to issue you mentioned above, this behaviour is well-documented.
>
> > e. the OP wanted it to work on the cmdline as well (sounds silly to me
> but there you have it)
>
> It works on cmdline flawlessly.
> Tested on both local and network locations as well as from web server, with
> any possible mix of slashes.
>
> > but really this is all madness. put the file outside the webroot
>
> That's what i'm typically doing. Only one PHP file that available from
> webserver root is the index.php.
>
>
> --
> Sincerely Yours, ANR Daemon <anrdaemon@xxxxxxxxxxx>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
Hi all,
I don't know who know phpbb, but i like it's approach to this problem...
simple set a constant in the scripts you should access and use defined
function for check it on includes... like:
index.php
define( 'IN_MY_APP', 1 );
include1.php
if ( !defined( 'IN_MY_APP' )) {
**header( 'HTTP/1.1 404 Not Found' );
header( 'Location: /' );
}
--
Thanks,
Diogo Neves
Web Developer @ SAPO.pt by PrimeIT.pt
