[nycphp-talk] $_SERVER['PHP_SELF'} not working?
Cliff Hirsch
cliff at pinestream.com
Thu Jul 21 09:30:18 EDT 2005
On 7/21/05, George Schlossnagle <george at omniti.com> wrote:
>
> On Jul 21, 2005, at 8:54 AM, csnyder wrote:
>
> > On 7/20/05, Daniel Convissor <danielc at analysisandsolutions.com>
> > wrote:
> >
> >
> >> More importantly, PHP_SELF can be tainted by users. Don't assume
> >> it's safe.
> >>
> >
> > Hmm. How does $_SERVER['PHP_SELF'] get tainted by users?
>
> By appending parameters to the uri you're requesting, i.e. requesting
>
> http://example.com/?$BAD_STUFF_HERE
>
>Not in PHP 5.0.4 -- PHP_SELF is only the relative filename of the
>script called by the webserver, no query information is attached.
This would eliminate the security hole, but does mean that we would have
to reconstruct the get query to figure out how to get back to where we
started from. A bit of a pain if we are trying to bounce back to a page
that, for example, requested user login.
More information about the talk
mailing list