[nycphp-talk] $_SERVER['PHP_SELF'} not working?

Tim Gales tgales at tgaconnect.com
Thu Jul 21 10:01:42 EDT 2005


csnyder wrote:
> On 7/21/05, George Schlossnagle <george at omniti.com> wrote:
> 
>>On Jul 21, 2005, at 8:54 AM, csnyder wrote:
>>
>>
>>>On 7/20/05, Daniel Convissor <danielc at analysisandsolutions.com> wrote:
>>>
>>>
>>>
>>>>More importantly, PHP_SELF can be tainted by users.  Don't assume
>>>>it's safe.
>>>>
>>>
>>>Hmm. How does $_SERVER['PHP_SELF'] get tainted by users?
>>
>>By appending parameters to the uri you're requesting, i.e. requesting
>>
>>http://example.com/?$BAD_STUFF_HERE
> 
> 
> Not in PHP 5.0.4 -- PHP_SELF is only the relative filename of the
> script called by the webserver, no query information is attached.

The original question was how to get
>> header("Location:$_SERVER[PHP_SELF]?action=internet&reqflag=1&join=$joinFlag");

-- 
T. Gales & Associates
'Helping People Connect with Technology'

http://www.tgaconnect.com
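
An added example, not part of the thread or any poster's code: one way to build the self-redirect from the original question without trusting $_SERVER['PHP_SELF'] or the interpolated $joinFlag. It assumes PHP 7 or later; the helper name build_self_redirect and all sample values are hypothetical and constructed for illustration.

```php
<?php
// Added example (not from the thread). Helper name and sample values are hypothetical.

/**
 * Build a Location header value that points back at the current script.
 */
function build_self_redirect(array $server, array $params): string
{
    // SCRIPT_NAME is the path the web server mapped to the script. PHP_SELF can
    // additionally carry request-supplied trailing path info, so it is not used.
    $path = $server['SCRIPT_NAME'] ?? '';

    // Defence in depth: accept only an absolute path made of conservative characters.
    if (!preg_match('#^/[A-Za-z0-9_./-]*$#', $path)) {
        throw new InvalidArgumentException('Unexpected script path');
    }

    // http_build_query() percent-encodes keys and values, so a CR/LF or '&' inside
    // a value cannot split the header or smuggle in extra parameters.
    $query = http_build_query($params, '', '&');

    return $path . ($query === '' ? '' : '?' . $query);
}

// Constructed sample input: PHP_SELF carries extra path info, and the join flag
// contains a line break that must not reach the header unencoded.
$server = [
    'SCRIPT_NAME' => '/members/join.php',
    'PHP_SELF'    => '/members/join.php/unexpected/extra',
];
$joinFlag = "1\r\nX-Test: 1";

$location = build_self_redirect($server, [
    'action'  => 'internet',
    'reqflag' => 1,
    'join'    => $joinFlag,
]);

// In a real request handler: header('Location: ' . $location); exit;
echo $location, PHP_EOL;
```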


