[nycphp-talk] Re: PHP_SELF problems
Dell Sala
dell at sala.ca
Fri Dec 29 14:45:49 EST 2006
On Dec 29, 2006, at 2:00 PM, Dan Cech wrote:
>> I always use the __FILE__ constant. Can't be touched by user
>> input. The
>> basename() and dirname() are handy to use along with it.
>
> The problem comes when you're attempting to construct the correct
> absolute URL for a given file. When running php as a cgi there
> doesn't
> seem to be a method of achieving this securely, as in this setup
> $_SERVER['SCRIPT_NAME'] will contain the php interpreter, like '/
> php-cgi'.
What about using $_SERVER['DOCUMENT_ROOT'] like this?
$absoluteUrl = str_replace($_SERVER['DOCUMENT_ROOT'], '', __FILE__);
You should probably use preg_replace() to make sure it only strips
off the beginning of the string, but you get the idea. I don't know
how reliable DOCUMENT_ROOT is, but you could get around that by
explicitly providing the document root for your site as a
configurable constant.
define('MYSITE_DOC_ROOT', '/path/to/site/root');
$absoluteUrl = preg_replace('#^'.MYSITE_DOC_ROOT.'#', '', __FILE__);
-- Dell
More information about the talk
mailing list