Description:
------------
I tried today to submit a note to the documentation section.

Now your bug reporting system doesn't accept web error reporting either.
It asks me for a patch???

OK Well I'm looking for a job so if you want me to patch your website, I'll apply for that too then.

I will attach the post below so you can see if it accidentally hit you more than once.

First of all the script complains that the line breaks did not catch properly and I have to reconfirm being human 5 times.

In the end the script entry looks like it's formatted for a MOBI server rather than a .NET server. After all, 99.9% of all my site visitors use 1280x1024 or greater in resolution so it feels a bit iffy to struggle on this rudimentary part.

Once I got through, the site hung.
It just simply would not load the page to confirm the posting was successful for about 4 or 5 minutes.

I had time enough to find the bug report section, search it and end up here before it went through.

Test script:
---------------
The page I submitted was...
(in re: http://php.net/manual/en/reserved.variables.php )
---------------------------------------------------------

This spawns off of 
[Typer85 at gmail dot com] 18-Feb-2008 11:56
below mentioning some oddities about how 
PHP_SELF worked in tests.
I believe you may have a fault in your windows setup.

I run Apache 2.2.1 and PHP 5.2.8 on 
Win XP SP 3 32-bit just fine so the following 
is written on a Win machine intended to work on
NIX boxes as well but I have yet to test this solution.

The only difference is the filepath in __FILE__ which
shows / instead of \ 

I hope this will help some newbies too, to find their
way around these things.

The following should mitigate issues with 
$_SERVER[PHP_SELF] vs. __FILE__

The potential use for this code: 

Add the code to the very beginning of
an included file and you won't have problems 
with people trying to execute script paths 
which should only be INCLUDES in your other pages.


Windows styled return on Apache Windows
The Calling File---     
PHP_SELF --> /xr/index.php
The Included File---    
__FILE__ --> C:\Program\Apache2.2\htdocs\subpath\included.php

<?php
/*
-------------------------------------------------
NOTE! 

The script must be entered into the script page you 
want to protect. It cannot run as an Include as this 
would cause __FILE__ to always record the included 
file and not the script page you wish to protect.

-------------------------------------------------
*/

$XProtect = __FILE__;
$pos =strripos($XProtect,'\\');
if ($pos === false){
    $pos =strripos($XProtect,'/');
    if ($pos !== false){
    //get end of string based on NIX filesystem
        $XProtect = substr($XProtect,$pos+1); 
    }else{ 
//now this is odd, you don't have a filesystem ???
/*leave as is & drop out or exit here if you want... 
you decide*/
    }
}else{  //must be a windows system
   //get end of string based on WIN filesystem
    $XProtect = substr($XProtect,$pos+1); 
}
// keep only end of file according to PHP_SELF for check
$XFileExec = substr($_SERVER['PHP_SELF'],
 strlen($_SERVER['PHP_SELF'])-strlen($XProtect));
//here comes the protective part...
//bail if calling page is the script itself
if ($XFileExec===$XProtect){Exit;}


?>

Expected result:
----------------
less errors

Actual result:
--------------
to many errors