Thursday, May 5, 2011

Filter PHP's $_SERVER['PHP_SELF']

I need to filter the unreliable $_SERVER['PHP_SELF'] variable. Is this a good approach:

function filterPhpSelf($str) 
{
    $phpself = basename(__FILE__);
    $str = substr($str, 0, strpos($str,$phpself)) . $phpself;
    return $unsafeStr;
}

where $str is $_SERVER['PHP_SELF']?

From stackoverflow
  • 1) Your code will raise an error if run.

    2) $_SERVER['PHP_SELF'] is not unsafe. Unsafe use of it is unsafe.

    Kris : unreliable !== unsafe
    troelskn : You're right Kris .. I misread that, it seems. Of course that begs the question as to what's unreliable about it?
  • Yes, that will do. Though you will want to change:

    return $unsafeStr;
    

    to

    return $str;
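
The approach discussed above, as an added example that is not part of the original question or answers: it truncates the value after the script name, handles the case where strpos() finds nothing, and escapes the result where it is written into HTML. The $scriptName parameter, the formAction() helper and the sample values are assumptions made for illustration.

```php
<?php
// Added example; helper names and sample inputs are constructed.

/**
 * Truncate a PHP_SELF-style value right after the script's file name,
 * dropping any trailing path info appended to the URL.
 * $scriptName is passed in (assumption) because basename(__FILE__)
 * names the file that defines the function, which is an include file
 * when the helper lives in a shared library.
 */
function filterPhpSelf(string $str, string $scriptName): string
{
    $pos = strpos($str, $scriptName);
    if ($pos === false) {
        // Script name not present (e.g. a rewritten URL): use the bare name.
        return $scriptName;
    }
    return substr($str, 0, $pos) . $scriptName;
}

/** Escape at the point of output, whatever filtering happened before. */
function formAction(string $phpSelf, string $scriptName): string
{
    $clean = filterPhpSelf($phpSelf, $scriptName);
    return htmlspecialchars($clean, ENT_QUOTES, 'UTF-8');
}

// Constructed sample values of $_SERVER['PHP_SELF'] for a script named form.php
$samples = [
    '/app/form.php',             // plain request
    '/app/form.php/extra/path',  // trailing path info is cut off
    '/app/form.php/"><b>x</b>',  // markup in the path info is cut off
    '/a&b/form.php',             // directory part is kept, then escaped
    '/rewritten/url',            // script name missing: falls back to it
];

foreach ($samples as $s) {
    printf("%-28s => %s\n", $s, formAction($s, 'form.php'));
}
```

In a real page the call would be formAction($_SERVER['PHP_SELF'], basename($_SERVER['SCRIPT_FILENAME'])), assuming SCRIPT_FILENAME is set by the server.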
    
