mod_rewrite& PHP; $ _SERVER ['REQUEST_URI']与mod_rewrite [英] mod_rewrite & PHP; $_SERVER['REQUEST_URI'] vs. mod_rewrite

查看:78
本文介绍了mod_rewrite& PHP; $ _SERVER ['REQUEST_URI']与mod_rewrite的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

快速一:

我很好奇,如果有人知道在某些情况下$_SERVER['REQUEST_URI']会包含不同于$_GET['_uri']的值,给定以下.htaccess:

I'm curious if anyone knows of certain circumstances under which $_SERVER['REQUEST_URI'] would contain a different value than $_GET['_uri'], given the following .htaccess for the latter:

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ ?_uri=$1 [L,QSA]

我一直在使用后一种方法$_GET['_uri'],虽然我知道mod_rewrite仍然是必需的,但我想摆脱将URI作为查询参数存储的问题.

I've been using the latter method $_GET['_uri'], and while I'm aware that mod_rewrite would still be necessary, I'd like to get away from storing the URI as a query parameter.

好吧,我找到了一个我以前没有注意到的东西.当mod_rewrite转发到的应用程序引导不在根Web目录中时,$_SERVER['REQUEST_URI']包含父目录,而$_GET['_uri']仅包含后一个URI组件.示例:

Well, I've found one I didn't notice before; when the application bootstrap to which mod_rewrite forwards is not in the root web directory, $_SERVER['REQUEST_URI'] contains the parent directories, whereas $_GET['_uri'] only contains the latter URI component. Example:

引导程序为 /subdir/index.php
请求 http://localhost/subdir/foo/bar/baz/

Bootstrap is /subdir/index.php
Requesting http://localhost/subdir/foo/bar/baz/

$_SERVER['REQUEST_URI']   "/subdir/foo/bar/baz/"
$_GET['_uri']             "foo/bar/baz/"

$_SERVER['REQUEST_URI']  "/subdir/foo/bar/baz/"
$_GET['_uri']            "foo/bar/baz/"

为了复制$_GET['_uri']的结果,决定使用此:

In order to replicate the result of $_GET['_uri'], decided to use this:

$prefix = trim(dirname(strtr($_SERVER['PHP_SELF'], '\\', '/')), '/') . '/';
$uri = trim($_SERVER['REQUEST_URI'], '/') . '/';
if(substr($uri, 0, strlen($prefix)) == $prefix){
    $uri = substr($uri, strlen($prefix));
}

但是我过去很少使用$_SERVER['PHP_SELF'],现在已经知道它带有某些漏洞和/或与它的用法不一致的地方.

But I've not used $_SERVER['PHP_SELF'] often in the past, and now have read that it carries certain vulnerabilities and/or inconsistencies with it's use.

推荐答案

http://example.com/meow?param=value&_uri=hihihi

  • 预期的$_GET['_uri']结果:meow
  • 实际结果:hihihi
  • $_SERVER['REQUEST_URI']值:/meow?param=value&_uri=hihihi
  • $_SERVER['REDIRECT_URL']值:/meow

    • Expected $_GET['_uri'] result: meow
    • Actual result: hihihi
    • $_SERVER['REQUEST_URI'] value: /meow?param=value&_uri=hihihi
    • $_SERVER['REDIRECT_URL'] value: /meow

      • 全部是由于[QSA]标志.

      改为使用$_SERVER['REQUEST_URI']和/或$_SERVER['REDIRECT_URL'].

      以上内容适用于Apache.在IIS 7.x上可能有所不同.

      The above is for Apache. On IIS 7.x it may be a bit different.

      这篇关于mod_rewrite& PHP; $ _SERVER ['REQUEST_URI']与mod_rewrite的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
PHP最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆