Portable and safe way to get PATH_INFO
Question
I'm seeking a portable way to receive the (handy) $_SERVER['PATH_INFO'] variable.
After reading a while, it turns out PATH_INFO originated from CGI/1.1, and may not always be present in all configurations.
What is the best (mostly security-wise) way to get that variable - apart from extracting it manually (security concern)?
Recommended answer
Well, I'm (almost) sure that without making use of the $_SERVER superglobal keys, providing an alternative way to figure out PATH_INFO is just impossible. That being said, let's first list all of the $_SERVER keys that we may possibly use:
- 'PHP_SELF'
- 'QUERY_STRING'
- 'SCRIPT_FILENAME'
- 'PATH_TRANSLATED'
- 'SCRIPT_NAME'
- 'REQUEST_URI'
- 'PATH_INFO'
- 'ORIG_PATH_INFO'
We obviously need to ignore the last two. Now we should (I don't know this for a fact, I'm just assuming because you said so) filter all the keys that exist in the link you provided (which BTW is offline ATM), that leaves us with the following keys:
- 'PHP_SELF'
- 'SCRIPT_FILENAME'
- 'REQUEST_URI'
Regarding your comment on Anthony's answer:
You are just juggling variables now. SCRIPT_FILENAME is a part of the CGI spec. It will not be available if PATH_INFO is unavailable. As for REQUEST_URI, it's Apache's mod_rewrite specific. – LiraNuna
I'm running LightTPD/1.4.20-1 (Win32) with PHP 5.3.0 as CGI, cgi.fix_pathinfo = 1, and $_SERVER['REQUEST_URI'] is very available to me. I also remember using that same variable back in the days when no one used mod_rewrite, so my honest humble guess is that you're plain wrong on this point. Regarding the SCRIPT_FILENAME key, I'm unable to test that one out ATM. Still, if we close our eyes really hard and believe that you're right, that leaves us with only one variable:
- 'PHP_SELF'
I'm not trying to be harsh here (and I still believe that there are more solutions) but if PHP_SELF is the only key you want us to work with (assuming there are no impositions on PHP_SELF itself) there is only one solution left:
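function PATH_INFO()
{
    // Prefer the server-provided value when it exists.
    if (array_key_exists('PATH_INFO', $_SERVER) === true)
    {
        return $_SERVER['PATH_INFO'];
    }
    $whatToUse = basename(__FILE__); // see below
    $position = strpos($_SERVER['PHP_SELF'], $whatToUse);
    // strpos() returns false when the marker is absent; bail out instead of slicing at a wrong offset.
    if ($position === false)
    {
        return '';
    }
    // Everything after the marker is the path info.
    return substr($_SERVER['PHP_SELF'], $position + strlen($whatToUse));
}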
This function should work, however there may be some problems using the __FILE__ constant since it returns the path to the file where the __FILE__ constant is declared and not the path to the requested PHP script, so that's what the $whatToUse is there for: so you can replace it with 'SCRIPT_FILENAME' or, if you really believe in what you are saying, just use '.php'.
You should also read about why not to use PHP_SELF.
If this doesn't work for you, I'm sorry but I can't think of anything else.
EDIT - Some more reading for you:
- Drupal request_uri() (why do they keep saying REQUEST_URI is Apache specific?)
- PHP_SELF vs PATH_INFO vs SCRIPT_NAME vs REQUEST_URI
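An added example, not part of the original answer: one way to derive PATH_INFO from REQUEST_URI and SCRIPT_NAME when the server does not supply it, and to validate the result either way, since every one of these $_SERVER values is influenced by the client. The helper name safe_path_info() and the sample requests are assumptions made for illustration, and the code assumes PHP 7 or later.

```php
<?php
// Added example, not the answer's code. safe_path_info() is a hypothetical name; needs PHP 7+.
function safe_path_info(array $server): string
{
    if (isset($server['PATH_INFO'])) {
        $path = (string) $server['PATH_INFO'];
    } else {
        // REQUEST_URI is raw: drop the query string, then percent-decode exactly once.
        $uri = explode('?', (string) ($server['REQUEST_URI'] ?? ''), 2)[0];
        $uri = rawurldecode($uri);
        $script = (string) ($server['SCRIPT_NAME'] ?? '');
        // Strip SCRIPT_NAME only when it is a real prefix; otherwise do not guess.
        if ($script !== '' && strncmp($uri, $script, strlen($script)) === 0) {
            $path = (string) substr($uri, strlen($script));
        } else {
            $path = '';
        }
    }
    if ($path === '') {
        return '';
    }
    // Must start at a segment boundary; no control bytes (incl. NUL) or backslashes.
    if ($path[0] !== '/' || preg_match('/[\x00-\x1f\x7f\\\\]/', $path)) {
        throw new InvalidArgumentException('malformed PATH_INFO');
    }
    // Reject dot segments so the value cannot climb out of a base directory later.
    foreach (explode('/', $path) as $segment) {
        if ($segment === '.' || $segment === '..') {
            throw new InvalidArgumentException('dot segment in PATH_INFO');
        }
    }
    return $path;
}

// Constructed sample requests (not captured traffic).
$samples = [
    ['SCRIPT_NAME' => '/index.php', 'REQUEST_URI' => '/index.php/user/42?tab=1'],
    ['SCRIPT_NAME' => '/index.php', 'REQUEST_URI' => '/index.php/%2e%2e/%2e%2e/config.ini'],
    ['SCRIPT_NAME' => '/index.php', 'REQUEST_URI' => '/index.phpx/user'],
    ['SCRIPT_NAME' => '/index.php', 'PATH_INFO' => "/a\0.php"],
];
foreach ($samples as $s) {
    try {
        echo var_export(safe_path_info($s), true), "\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```

Decoding happens before the dot-segment check so that percent-encoded traversal sequences are caught; anything the function returns should still be treated as untrusted input when it is echoed or mapped to a file.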