[nycphp-talk] $_SERVER['PHP_SELF'} not working?
Dan Cech
dcech at phpwerx.net
Thu Jul 21 17:16:21 EDT 2005
You could put:
$_SERVER['PHP_SELF'] = $_SERVER['SCRIPT_NAME'];
into one of your common include files.
Dan
Matt Juszczak wrote:
>>>You have opened a can of worms. If PHP_SELF can be tainted, are
>>>you saying we shouldn't use it? It's such a valuable tool. How
>>>can we guarantee its integrity?
>
>
> I'm freaking out now ...
>
> Like I had before....
>
> <form method="post" action="<?PHP echo $_SERVER['PHP_SELF']; ?>">
>
> appears in a LOT of my code.
>
> is it now crucial to switch this to:
>
> <form method="post" action="<?PHP echo basename($_SERVER['PHP_SELF']);
> ?>">
>
> Is there any circumstance which could keep me from having to switch all
> this code?
>
> -Matt
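
Added example (not part of the original post, and not any poster's code): a PHP command-line script that prints the form tag built from raw PHP_SELF, from basename(PHP_SELF) and from SCRIPT_NAME, before and after the one-line override suggested above. The helper names, paths and request values are constructed, and it assumes PHP_SELF is SCRIPT_NAME followed by any extra path the client appended to the URL.

```php
<?php
// Added example: constructed $_SERVER-like arrays, run with the php CLI (no web server).

// Assumption: PHP_SELF = SCRIPT_NAME + extra path taken from the request URL.
function fake_server(string $scriptName, string $extraPath): array
{
    return [
        'SCRIPT_NAME' => $scriptName,
        'PHP_SELF'    => $scriptName . $extraPath,
    ];
}

// The override from the reply, applied to a copy of the array.
function apply_override(array $server): array
{
    $server['PHP_SELF'] = $server['SCRIPT_NAME'];
    return $server;
}

// Build the form tag each way discussed in the thread, plus an escaped variant.
function form_tags(array $server): array
{
    $open = '<form method="post" action="';
    return [
        'raw PHP_SELF'        => $open . $server['PHP_SELF'] . '">',
        // basename() keeps only the last path segment, which in the second
        // request below is still text supplied by the client.
        'basename(PHP_SELF)'  => $open . basename($server['PHP_SELF']) . '">',
        'SCRIPT_NAME'         => $open . $server['SCRIPT_NAME'] . '">',
        // Escaping at output time keeps the attribute intact whatever the value is.
        'escaped PHP_SELF'    => $open . htmlspecialchars($server['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '">',
    ];
}

$tainted  = fake_server('/app/form.php', '/"><b>x</b>'); // constructed value
$requests = [
    'plain request'                   => fake_server('/app/form.php', ''),
    'extra path with markup chars'    => $tainted,
    'same request, override applied'  => apply_override($tainted),
];

foreach ($requests as $label => $server) {
    echo "== $label ==\n";
    foreach (form_tags($server) as $how => $tag) {
        printf("%-20s %s\n", $how, $tag);
    }
    echo "\n";
}
```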