php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Request #40853 get_project_env() to get current URI, accessing script...
Submitted: 2007-03-19 13:52 UTC Modified: 2021-02-12 15:08 UTC
Votes:14
Avg. Score:4.8 ± 0.4
Reproduced:12 of 13 (92.3%)
Same Version:3 (25.0%)
Same OS:3 (25.0%)
From: ng4rrjanbiah at rediffmail dot com Assigned: cmb (profile)
Status: Wont fix Package: *General Issues
PHP Version: 5.2.1 OS:
Private report: No CVE-ID: None
View Developer Edit
 [2007-03-19 13:52 UTC] ng4rrjanbiah at rediffmail dot com 
Description:
------------
Why needed:

There is no reliable mechanism in PHP to get the current executing script name. $_SERVER['SCRIPT_FILENAME'] and $_SERVER['argv'][0] are not reliable now; the variables are again prone to tampering (say for example, any including scripts could override these global vars for that file scope).
Implementation of this function might also solve XSS issues.

How this function has to be implemented:

If the current accessed URI is 'http://example.com/foo_project/foobar.php?php=1&ajax=0'
get_project_env() returns

'current_uri'              => 'http://example.com/foo_project/foobar.php?php=1&ajax=0',
'current_accessing_script' => '/foo_project/foobar.php',
'current_file'             => '/foo_project/foobar.php', //will be different if the file is included (__FILE__)
'current_include_depth'    => 0                          //will be different if it's included by the accessing script


What urged me to post this request:

I have the file architecture something like:

<?php
//foo.php
include './config.php';
include './license_check.php';
//blah... the rest of the proprietary codes.

?>

All files except config.php and say foobar.php will be encrypted for proprietary reasons. I need to check if the accessing script is 'foobar.php' inside the license_check.php; see, the user can still access to the config.php and can tamper the $_SERVER--which is the only way now to get the current accessing script, AFA*I*K.
In this case, if I have get_project_env(), it will return untampered current URI, accessing script, etc. This will be very helpful.

Thanks,
R. Rajesh Jeba Anbiah

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2007-03-20 14:31 UTC] ng4rrjanbiah at rediffmail dot com 
The function name can be get_script_env() instead of get_project_env() (for clarity, if you want)


Thanks,
R. Rajesh Jeba Anbiah
 [2007-03-28 14:37 UTC] ng4rrjanbiah at rediffmail dot com 
Is this request need any further input from me?

Thanks,
R. Rajesh Jeba Anbiah
 [2021-02-12 15:08 UTC] cmb@php.net
-Status: Open +Status: Wont fix -Package: Feature/Change Request +Package: *General Issues -Assigned To: +Assigned To: cmb
 [2021-02-12 15:08 UTC] cmb@php.net 
You can define get_project_env() in userland according to your
needs, so I don't think this should be integrated into PHP.  If
you still feel this feature should be added, please pursue the RFC
process[1].

[1] <https://wiki.php.net/rfc/howto>
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Fri Oct 31 19:00:02 2025 UTC