问题
Quick one:
I'm curious if anyone knows of certain circumstances under which $_SERVER['REQUEST_URI'] would contain a different value than $_GET['_uri'], given the following .htaccess for the latter:
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ ?_uri=$1 [L,QSA]
I've been using the latter method $_GET['_uri'], and while I'm aware that mod_rewrite would still be necessary, I'd like to get away from storing the URI as a query parameter.
Well, I've found one I didn't notice before; when the application bootstrap to which mod_rewrite forwards is not in the root web directory, $_SERVER['REQUEST_URI'] contains the parent directories, whereas $_GET['_uri'] only contains the latter URI component. Example:
Bootstrap is
/subdir/index.php
Requestinghttp://localhost/subdir/foo/bar/baz/
$_SERVER['REQUEST_URI']"/subdir/foo/bar/baz/"$_GET['_uri']"foo/bar/baz/"
In order to replicate the result of $_GET['_uri'], decided to use this:
$prefix = trim(dirname(strtr($_SERVER['PHP_SELF'], '\\', '/')), '/') . '/';
$uri = trim($_SERVER['REQUEST_URI'], '/') . '/';
if(substr($uri, 0, strlen($prefix)) == $prefix){
$uri = substr($uri, strlen($prefix));
}
But I've not used $_SERVER['PHP_SELF'] often in the past, and now have read that it carries certain vulnerabilities and/or inconsistencies with it's use.
回答1:
http://example.com/meow?param=value&_uri=hihihi
- Expected
$_GET['_uri']result:meow - Actual result:
hihihi $_SERVER['REQUEST_URI']value:/meow?param=value&_uri=hihihi$_SERVER['REDIRECT_URL']value:/meow
All because of [QSA] flag.
Use $_SERVER['REQUEST_URI'] and/or $_SERVER['REDIRECT_URL'] instead.
The above is for Apache. On IIS 7.x it may be a bit different.
来源:https://stackoverflow.com/questions/6590125/mod-rewrite-php-serverrequest-uri-vs-mod-rewrite