php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #40853 get_project_env() to get current URI, accessing script...
Submitted: 2007-03-19 13:52 UTC Modified: 2007-03-28 14:37 UTC
Votes:14
Avg. Score:4.8 ± 0.4
Reproduced:12 of 13 (92.3%)
Same Version:3 (25.0%)
Same OS:3 (25.0%)
From: ng4rrjanbiah at rediffmail dot com Assigned:
Status: Open Package: Feature/Change Request
PHP Version: 5.2.1 OS:
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: ng4rrjanbiah at rediffmail dot com
New email:
PHP Version: OS:

 

 [2007-03-19 13:52 UTC] ng4rrjanbiah at rediffmail dot com
Description:
------------
Why needed:

There is no reliable mechanism in PHP to get the current executing script name. $_SERVER['SCRIPT_FILENAME'] and $_SERVER['argv'][0] are not reliable now; the variables are again prone to tampering (say for example, any including scripts could override these global vars for that file scope).
Implementation of this function might also solve XSS issues.

How this function has to be implemented:

If the current accessed URI is 'http://example.com/foo_project/foobar.php?php=1&ajax=0'
get_project_env() returns

'current_uri'              => 'http://example.com/foo_project/foobar.php?php=1&ajax=0',
'current_accessing_script' => '/foo_project/foobar.php',
'current_file'             => '/foo_project/foobar.php', //will be different if the file is included (__FILE__)
'current_include_depth'    => 0                          //will be different if it's included by the accessing script


What urged me to post this request:

I have the file architecture something like:

<?php
//foo.php
include './config.php';
include './license_check.php';
//blah... the rest of the proprietary codes.

?>

All files except config.php and say foobar.php will be encrypted for proprietary reasons. I need to check if the accessing script is 'foobar.php' inside the license_check.php; see, the user can still access to the config.php and can tamper the $_SERVER--which is the only way now to get the current accessing script, AFA*I*K.
In this case, if I have get_project_env(), it will return untampered current URI, accessing script, etc. This will be very helpful.

Thanks,
R. Rajesh Jeba Anbiah


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2007-03-20 14:31 UTC] ng4rrjanbiah at rediffmail dot com
The function name can be get_script_env() instead of get_project_env() (for clarity, if you want)


Thanks,
R. Rajesh Jeba Anbiah
 [2007-03-28 14:37 UTC] ng4rrjanbiah at rediffmail dot com
Is this request need any further input from me?

Thanks,
R. Rajesh Jeba Anbiah
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Sat Dec 14 05:01:23 2019 UTC