| Rely on $ SERVER['REQUEST URI']?
Is $_SERVER['REQUEST_URI'] always available? |
Zuulo
msg:4524490 | 12:09 pm on Dec 3, 2012 (gmt 0) |
Hello!
I use code like
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^ /index.php
to handle all requests for pages in my index.php file. Can I be sure, that $_SERVER['REQUEST_URI'] is always available? (It's important, because I use this variable to find out what page was requested.)
Greetings, Zuulo
|
g1smd
msg:4524513 | 1:57 pm on Dec 3, 2012 (gmt 0) |
It should always be there, or a variant of it, but it might easily contain something quite malicious so it should be cleaned and verified before doing anything else with it.
I find this code quite useful:
if( !empty( $GLOBALS[ '_SERVER' ])) {
$_SERVER_ARRAY= '_SERVER';
} elseif( !empty( $GLOBALS[ 'HTTP_SERVER_VARS' ])) {
$_SERVER_ARRAY= 'HTTP_SERVER_VARS';
} else {
$_SERVER_ARRAY= 'GLOBALS';
}
$requestHost= ${$_SERVER_ARRAY}[ 'SERVER_NAME' ];
$datetime= gmdate( 'Y-m-d H:i:s O' );
$remoteIP= ${$_SERVER_ARRAY}[ 'REMOTE_ADDR' ];
$requestURI= ${$_SERVER_ARRAY}[ 'REQUEST_URI' ];
$referer= ( isset( ${$_SERVER_ARRAY}[ 'HTTP_REFERER' ]))
? ${$_SERVER_ARRAY}[ 'HTTP_REFERER' ]
: '<unknown referer>';
$userAgent= ( isset( ${$_SERVER_ARRAY}[ 'HTTP_USER_AGENT' ]))
? ${$_SERVER_ARRAY}[ 'HTTP_USER_AGENT' ]
: '<unknown user agent>';
|
Zuulo
msg:4525441 | 7:42 pm on Dec 5, 2012 (gmt 0) |
Thank you g1smd!
[Cleaning: There's only a limited number of pages, so I use a whitelist -> if(in_array($requested, $allowed)){ ... }.]
|
|
|
