On Thu, May 19, 2011 at 15:04, Scott Baker <bakers@xxxxxxxxxxxx> wrote: > I have a script: > > http://www.perturb.org/index.php > > I accidentally put a trailing / on the url and it STILL loaded: > > http://www.perturb.org/index.php/ > > Is that a bug in URL interpretation? I've tried it on three servers and > all seem to have the same behavior. All three were Apache on Linux, but > different versions as far back as PHP 5.2.x. It's not only intentional, it's also an exploitable feature used in search engine-friendly URLs and such, and is used by frameworks including CodeIgniter. You can grab that data from the $_SERVER['PATH_INFO'] superglobal value. Try this: <?php // Filename: test.php var_dump($_SERVER['PATH_INFO']); ?> Then, if that file is in the web root of your local machine, hit it like so: http://localhost/test.php/this/is/neat http://localhost/test.php/another/fine/day/in/the/suburbs http://localhost/test.php/ http://localhost/test.php http://localhost/test.php/check/this/out?foo=bar&fruit[]=apple&fruit[]=banana&fruit[]=cherry This way, you can see a variety of examples of how it grabs that and only that. Now get creative. ;-P -- </Daniel P. Brown> Network Infrastructure Manager http://www.php.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
