php 5.2.4 & 5.2.5 PHP_SELF wrong??

Soldato
Joined
6 Feb 2004
Posts
20,861
Location
England
anybody running either of these, can you check the value of

$_SERVER['PHP_SELF']

on my server at home, it's duplicating the page so instead of

/blah.php

it's showing

/blah.php/blah.php

:confused:

gone back to 5.2.3 and it's fine - i even tried the default php.ini in case it was a problem with me copying my old one - it's still not right????? :p

(windows version btw)
 
It's worth noting that PHP_SELF is dangerous to use, anyway. It can be tainted by the user.

i'm only using it to build a tabbed menu. i have an array of all pages which i loop through and if the current value matches PHP_SELF, the output is slightly different. hopefully i don't have anything to worry about. :p

Yeah, it's a known bug but has supposedly been fixed now:

http://bugs.php.net/bug.php?id=42523

thanks for that. but it does say 5.2.4 - i would have thought 5.2.5 would be fixed??? :confused:

thanks for the replies everyone. :)
 
It's fine if you treat it like any user supplied value, encode it before outputting and escape it before inserting it into a database.
Unfortunately it can still be difficult to handle. Easier to just substr the docroot from the path of the current file, or just use script_path.
 
i would have thought 5.2.5 would be fixed??? :confused:

my mistake - it is fixed. i had to change a setting on my webserver. :D

i use abyss webserver and this is what they say - apparently it's php's fault.... :p

The PHP developers have confirmed that starting 5.2.4, they are fully conforming to the CGI specification. So there is no more need to use the "PHP Style" type which was designed by us as a workaround to make earlier versions of PHP run in a pseudo-CGI conformant mode.

So from now on, PHP on Abyss Web Server will use the "Standard" type.
 
Last edited:
Back
Top Bottom