On 19 May 2011 21:13, Daniel Brown <danbrown@xxxxxxx> wrote:
> On Thu, May 19, 2011 at 15:04, Scott Baker <bakers@xxxxxxxxxxxx> wrote:
>> I have a script:
>>
>> http://www.perturb.org/index.php
>>
>> I accidentally put a trailing / on the url and it STILL loaded:
>>
>> http://www.perturb.org/index.php/
>>
>> Is that a bug in URL interpretation? I've tried it on three servers and
>> all seem to have the same behavior. All three were Apache on Linux, but
>> different versions as far back as PHP 5.2.x.
>
>    It's not only intentional, it's also an exploitable feature used
> in search engine-friendly URLs and such, and is used by frameworks
> including CodeIgniter.
>
>    You can grab that data from the $_SERVER['PATH_INFO'] superglobal
> value.  Try this:
>
> <?php
> // Filename: test.php
> var_dump($_SERVER['PATH_INFO']);
> ?>
>
>    Then, if that file is in the web root of your local machine, hit it like so:
>
>        http://localhost/test.php/this/is/neat
>        http://localhost/test.php/another/fine/day/in/the/suburbs
>        http://localhost/test.php/
>        http://localhost/test.php
>        http://localhost/test.php/check/this/out?foo=bar&fruit[]=apple&fruit[]=banana&fruit[]=cherry
>
>    This way, you can see a variety of examples of how it grabs that
> and only that.  Now get creative.  ;-P
>
>
> --
> </Daniel P. Brown>
> Network Infrastructure Manager
> http://www.php.net/
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

Assuming no knowledge of the underlying web server, as I understand
things, the path is parsed left to right and broken at /, ? and #.

At a / the left hand part is used to try and find a matching file. If
so, we win. The rest of the URL is passed onto PATH_INFO.
At a ? the right hand part is sent to the QUERY_STRING
At a #, the fragment_id doesn't seem to reach PHP.

Running ...

http://site.com/phpinfo.php/some/junk/path?some=junk&value=supplied#stop_here

I get ...

_REQUEST["some"]                junk
_REQUEST["value"]               supplied
_GET["some"]                    junk
_GET["value"]                   supplied
_SERVER["DOCUMENT_ROOT"]        D:\Web Sites\Development\Accounts Department\public_html
_SERVER["REQUEST_URI"]          /global/phpinfo.php/some/junk/path?some=junk&value=supplied
_SERVER["SCRIPT_FILENAME"]      D:\Web Sites\All Sites\phpinfo.php
_SERVER["APPL_PHYSICAL_PATH"]   D:\Web Sites\Development\Accounts Department\public_html\
_SERVER["PATH_INFO"]            /some/junk/path
_SERVER["PATH_TRANSLATED"]      D:\Web Sites\All Sites\phpinfo.php\some\junk\path
_SERVER["QUERY_STRING"]         some=junk&value=supplied
_SERVER["SCRIPT_NAME"]          /global/phpinfo.php
_SERVER["URL"]                  /global/phpinfo.php
_SERVER["ORIG_PATH_INFO"]       /global/phpinfo.php/some/junk/path
_SERVER["PHP_SELF"]             /global/phpinfo.php/some/junk/path
_SERVER["argv"]                 Array ( [0] => some=junk&value=supplied )
_SERVER["argc"]                 1

No mention at all of the "stop_here" text.

--
Richard Quadling
Twitter : EE : Zend : PHPDoc
@RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY : bit.ly/iZdpBR
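
The left-to-right split described in the message above, as an added example that is not part of the original thread. The function name split_request() and the $scripts list (standing in for the files the server can find) are hypothetical; a real web server does this work itself and may differ in details such as URL decoding.

```php
<?php
// Added illustration, not code from the thread. split_request() and $scripts
// are hypothetical: $scripts stands in for the files the server can find.
function split_request(string $uri, array $scripts): ?array
{
    // The fragment stays in the browser and is never sent to the server.
    $uri = explode('#', $uri, 2)[0];
    // Everything right of the first "?" becomes QUERY_STRING.
    [$path, $query] = array_pad(explode('?', $uri, 2), 2, '');

    // Walk the path one "/" at a time; the first prefix naming a script wins.
    $segments = explode('/', ltrim($path, '/'));
    $prefix = '';
    foreach ($segments as $i => $segment) {
        $prefix .= '/' . $segment;
        if (in_array($prefix, $scripts, true)) {
            $rest = array_slice($segments, $i + 1);
            $pathInfo = $rest ? '/' . implode('/', $rest) : '';
            return [
                'SCRIPT_NAME'  => $prefix,
                'PATH_INFO'    => $pathInfo,
                'QUERY_STRING' => $query,
                'PHP_SELF'     => $prefix . $pathInfo, // includes the client-chosen tail
            ];
        }
    }
    return null; // nothing matched; a real server would answer 404
}

// Constructed sample inputs, taken from the URLs discussed in the thread.
$scripts = ['/global/phpinfo.php', '/index.php'];
$samples = [
    '/global/phpinfo.php/some/junk/path?some=junk&value=supplied#stop_here',
    '/index.php/',
    '/index.php',
];
foreach ($samples as $uri) {
    echo $uri, "\n";
    print_r(split_request($uri, $scripts));
}

// PATH_INFO and PHP_SELF are chosen by the client, so build links and form
// actions from SCRIPT_NAME and escape the value on output.
$r = split_request('/index.php/anything/here', $scripts);
echo htmlspecialchars($r['SCRIPT_NAME'], ENT_QUOTES, 'UTF-8'), "\n";
```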