if ($_SERVER['SCRIPT_NAME'] === $thisPage) { }
$_SERVER['PHP_SELF']
你也应该改成
$_SERVER['SCRIPT_NAME']
如果你真的不能使用
__FILE__
$\u服务器['SCRIPT\u NAME']
例如,此URL:
http://example.com/sick.php/mwuahahahaha
给予:
/sick.php/mwuahahahaha
$\u服务器['SCRIPT\u NAME']
.
$\u服务器['PHP\u SELF']
htmlentities($_SERVER['PHP_SELF'])
变量概述:
-
__文件__
<?php /*test.php*/ include 'file.php';?>
<?php /*file.php*/ echo __FILE__;?>
/var/www/file.php
(而不是
/var/www/test.php
-
$_SERVER['SCRIPT_FILENAME']
:包含所请求脚本的文件系统路径,例如。
-
$\u服务器['SCRIPT\u NAME']
/test.php
(即使使用重写的URL)
-
$\u服务器['PHP\u SELF']
//
-&燃气轮机;
/
,
.
和
..
已解决),但包含其他路径信息。
-
$_SERVER['REQUEST_URI']
GET [REQUEST_URI] HTTP/1.0
. (转义)空字节在这里仍然可见。这只是我们之间的原始数据
GET
HTTP/1.0
(或您使用的任何HTTP版本)
这些变量的比较:
我做了这个测试
nc
,但是
telnet
应该也够了。服务器来自
http://xampp.org/
test.php
,包含:
<?php
$properties = array('SCRIPT_FILENAME', 'SCRIPT_NAME', 'PHP_SELF', 'REQUEST_URI');
printf("% 15s: %s\n", '__FILE__', __FILE__);
foreach($properties as $property){
printf('% 15s: %s', $property, $_SERVER[$property]."\n");
}
?>
测试:
$ nc localhost 80
GET ///somedir/./../////test.php/somedata%20here?q%00=%25 HTTP/1.0
HTTP/1.1 200 OK
Server: Apache/2.2.14 (Unix)
[stripped]
__FILE__: /opt/lampp/htdocs/test.php
SCRIPT_FILENAME: /opt/lampp/htdocs/test.php
SCRIPT_NAME: /////test.php
PHP_SELF: /////test.php/somedata here
REQUEST_URI: ///somedir/./../////test.php/somedata%20here?q%00=%25
使用
RewriteRule ^page/test test.php
:
$ nc localhost 80
GET ///somedir/./../page//.////test/somedata%20here?q%00=%25 HTTP/1.0
HTTP/1.1 200 OK
Server: Apache/2.2.14 (Unix)
[stripped]
__FILE__: /opt/lampp/htdocs/test.php
SCRIPT_FILENAME: /opt/lampp/htdocs/test.php
SCRIPT_NAME: /test.php
PHP_SELF: /test.php
REQUEST_URI: ///somedir/./../page//.////test/somedata%20here?q%00=%25
结论:在大多数情况下使用最安全的变量是
.
