发表新帖
发表新帖

How To Identify The Requested Page In PHP

后端 未结
关注
5 1379
栀梦
栀梦 2021-02-04 04:59

Is there any easy way to identify the file initially handling the request, ignoring get arguments and handling (at least basic) mappings like / to /index.php<

相关标签:
5条回答
  • 谎友^
    2021-02-04 05:21 
    $_SERVER['PHP_SELF']

    Should return the actual script. But there are various methods.

    I had a better link to a matrix of all the various file-related environment variables but I can't find it. I'll edit if it turns up.

    Edit: I found a nice SO thread that details the differences between them.

    0 讨论(0)
  • 不知归路
    2021-02-04 05:23

    Its very old question and not very clear too. What I understood is that you want to know which page is sending request GET/POST. This can be implemented by:

    $_SERVER['HTTP_REFERER']

    Now, to get the actual page name, write like: = basename($_SERVER['HTTP_REFERER']);

    This will solve you concern.

    0 讨论(0)
  • 忘掉有多难
    2021-02-04 05:29
    1. parse_url($_SERVER['REQUEST_URI']) and then pathinfo($path) to get requested filename
    2. $_SERVER['PHP_SELF'] to get real filename
    3. $_SERVER['SCRIPT_NAME'] to get real filename
    0 讨论(0)
  • 自闭症患者
    2021-02-04 05:37

    I decided to test it out myself. The $_SERVER['SCRIPT_NAME'] variable serves up the path to the requested file, even if it's an index file, and without get parameters or anything else. The PHP documentation states this contains the path of the file, but it seems to be relative to the document root, just like PHP_SELF, but without the security vulnerability.

    Here is the code I used to test this: https://gist.github.com/dimo414/5484870

    The output when requesting example.com/?foo=bar:

    __FILE__:               /var/www/index.php
PHP_SELF:               /index.php
SCRIPT_NAME:            /index.php
REQUEST_URI:            /?foo=bar
parse_url(REQUEST_URI): /


__FILE__:               /var/www/pathtest.php
PHP_SELF:               /index.php
SCRIPT_NAME:            /index.php
REQUEST_URI:            /?foo=bar
parse_url(REQUEST_URI): /

    And the output when requesting example.com/index.php/<strong>XSS</strong>:

    __FILE__:               /var/www/index.php
PHP_SELF:               /index.php/XSS # note the XSS exploit (this is bold in browser)
SCRIPT_NAME:            /index.php     # No exploit here
REQUEST_URI:            /index.php/%3Cstrong%3EXSS%3C/strong%3E
parse_url(REQUEST_URI): /index.php/%3Cstrong%3EXSS%3C/strong%3E


__FILE__:               /var/www/pathtest.php
PHP_SELF:               /index.php/XSS
SCRIPT_NAME:            /index.php
REQUEST_URI:            /index.php/%3Cstrong%3EXSS%3C/strong%3E
parse_url(REQUEST_URI): /index.php/%3Cstrong%3EXSS%3C/strong%3E

    As you can see, $_SERVER['SCRIPT_NAME'] always gives back the file that originally handled the request, i.e. the file in the URL, without any XSS risks.

    0 讨论(0)
  • 时光取名叫无心
    2021-02-04 05:43

    Go get file name from the requested URL use following code.

    basename($_SERVER['URL']);
basename($_SERVER['REQUEST_URI']);
basename($_SERVER['SCRIPT_NAME']);
basename($_SERVER['SCRIPT_FILENAME']);
basename($_SERVER['REQUEST_URI']);
basename($_SERVER['PATH_TRANSLATED']);
basename($_SERVER['PHP_SELF']);

    use any one all all of those in the nested if condition so you will not miss file name any how.

    0 讨论(0)
 看不清?
提交回复
热议问题