I need to filter the unreliable $_SERVER['PHP_SELF'] variable. Is this a good approach:

    function filterPhpSelf($str)
    {
        $phpself = basename(__FILE__);
        $str = substr($str, 0, strpos($str, $phpself)) . $phpself;
        return $unsafeStr;
    }

where $str is $_SERVER['PHP_SELF']?
From stackoverflow
-
1) Your code will raise an error if run.
2) $_SERVER['PHP_SELF'] is not unsafe. Unsafe use of it is unsafe.

Kris: unreliable !== unsafe

troelskn: You're right Kris .. I misread that, it seems. Of course that begs the question as to what's unreliable about it?
-
Yes, that will do. Though you will want to change:
    return $unsafeStr;
to
    return $str;
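
The corrected function from the answers above, written out as an added example (not code from the original posts): it returns the trimmed string, handles a PHP_SELF value that does not contain the script name, and escapes the result at the point of output. The `$scriptName` parameter and the sample paths are assumptions constructed for illustration; the question uses `basename(__FILE__)` for the script name.

```php
<?php
// Added example: parameter names and sample values are constructed.

/**
 * Drop anything that follows the script name in PHP_SELF
 * (trailing path info supplied by the client).
 */
function filterPhpSelf(string $phpSelf, string $scriptName): string
{
    $pos = strpos($phpSelf, $scriptName);
    if ($pos === false) {
        // Script name not present (for example a rewritten URL):
        // fall back to the bare script name instead of passing false to substr().
        return $scriptName;
    }
    // Keep the directory prefix and the script name, nothing after it.
    return substr($phpSelf, 0, $pos) . $scriptName;
}

// Constructed sample values for $_SERVER['PHP_SELF'].
$samples = [
    '/app/form.php',
    '/app/form.php/extra/path',
    '/app/form.php/"quoted"',
    '/rewritten/route',
];

foreach ($samples as $raw) {
    $clean = filterPhpSelf($raw, 'form.php');
    // Escape when writing into HTML, regardless of earlier filtering.
    printf("%-28s => %s\n", $raw, htmlspecialchars($clean, ENT_QUOTES, 'UTF-8'));
}
```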