Re: differences in between these env. variables

On Sun, Jan 29, 2012 at 5:38 PM, Tedd Sperling <tedd.sperling@xxxxxxxxx> wrote:
> On Jan 27, 2012, at 12:45 PM, Adam Richardson wrote:
>
>> On Fri, Jan 27, 2012 at 12:09 PM, Tedd Sperling <tedd.sperling@xxxxxxxxx> wrote:
>> On Jan 11, 2012, at 9:24 PM, tamouse mailing lists wrote:
>>
>> > Is there ever a case where SCRIPT_NAME does not equal PHP_SELF?
>>
>> Was this ever answered? I would like to know.
>>
>> Cheers,
>>
>> tedd
>>
>> Yep, can be different:
>> http://stackoverflow.com/questions/279966/php-self-vs-path-info-vs-script-name-vs-request-uri
>>
>> Adam
>
> I should have been more clear -- I understand:
>
> [PHP_SELF] => /test.php/foo/bar
> [SCRIPT_NAME] => /test.php/
>
> by practice is different.
>
> I should have used basename() in my question.
>
> The main point I was trying to get was which one is more secure and not subject to cross-site scripting or other such security issues?
>
> IOW, if you had to bet your life on it, which would be most secure in reporting an accurate basename()?
>
> Cheers,
>
> tedd

I don't think basename() makes much sense here, does it?
basename($_SERVER['PHP_SELF']) would give bar on your first example.

To answer your question about XSS or other security issues, it all
depends on how you use the info afterwards.

- Matijn

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
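
Added example (not part of the original thread and not written by any of the posters): a PHP script that shows what basename() returns for each variable, and how the same PHP_SELF value looks raw versus HTML-encoded when it is written into a form action. The $samples values and the attr() helper are constructed for illustration, assuming Apache-style variables for a script at /test.php.

```php
<?php
// Constructed sample values (assumption: Apache-style server variables for a
// script at /test.php requested with extra path info). Not real server output.
$samples = [
    'plain request' => [
        'PHP_SELF'    => '/test.php',
        'SCRIPT_NAME' => '/test.php',
    ],
    'with path info' => [
        'PHP_SELF'    => '/test.php/foo/bar',
        'SCRIPT_NAME' => '/test.php',
    ],
    'path info containing markup' => [
        'PHP_SELF'    => '/test.php/"><i>x</i>',
        'SCRIPT_NAME' => '/test.php',
    ],
];

// Hypothetical helper: encode a value for use inside an HTML attribute.
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

foreach ($samples as $label => $server) {
    // PHP_SELF carries the client-supplied path info, so its last path
    // component is whatever the requester appended, not the script file.
    $fromSelf   = basename($server['PHP_SELF']);
    $fromScript = basename($server['SCRIPT_NAME']);

    echo "== $label ==\n";
    echo "basename(PHP_SELF):    $fromSelf\n";
    echo "basename(SCRIPT_NAME): $fromScript\n";

    // The same value written into markup without and with output encoding.
    echo 'raw form tag:     <form action="' . $server['PHP_SELF'] . "\">\n";
    echo 'encoded form tag: <form action="' . attr($server['PHP_SELF']) . "\">\n\n";
}
```

Run it from the command line with php; the third sample shows the raw tag being closed early by the quote in the path, while the encoded tag keeps the whole value inside the attribute.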


