如何禁用PHP的“复活节彩蛋"?网址? [英] How can I disable PHP's "easter egg" URLs?

问题描述

我最近发现了PHP中所谓的复活节彩蛋网址" :

I recently found out about the so-called "easter egg URLs" in PHP:

以下是您可以添加到PHP网页末尾以查看(某种程度上)隐藏的图像或网页的四个QUERY字符串:

These are the four QUERY strings you can add to the end of a PHP web page to view a (somewhat) hidden image or web page:

1. ?=PHPE9568F36-D428-11d2-A769-00AA001ACF42

这是最有趣的，并显示复活节彩蛋"图像 屋中一只兔子的名字(Sterling Hughes的兔子，名字叫 Carmella)，草丛中的棕色狗，苏格兰黑梗狗， 马虎的孩子手绘，蜡笔色的php标志，一个家伙 从他伸出来的面包棒(看起来像铅笔或炸薯条) 嘴巴像海象或PHP大象徽标.

This one is the most interesting, and displays an "easter egg" image of either a rabbit in a house (Sterling Hughes' rabbit, named Carmella), a brown dog in the grass, a black Scottish Terrier dog, a sloppy child hand-drawn, crayon-colored php logo, a guy with breadsticks (looks like pencils or french fries) sticking out of his mouth like a walrus, or a PHP elephant logo.

其他包括:

• ?=PHPE9568F34-D428-11d2-A769-00AA001ACF42(PHP徽标)
• ?=PHPE9568F35-D428-11d2-A769-00AA001ACF42(Zend徽标)
• ?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000(PHP积分)

• ?=PHPE9568F34-D428-11d2-A769-00AA001ACF42 (PHP Logo)
• ?=PHPE9568F35-D428-11d2-A769-00AA001ACF42 (Zend logo)
• ?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 (PHP Credits)

我很震惊地发现这确实适用于很多网站，包括我自己的网站.我认为这是愚蠢的，想要禁用它，但是据我所知，唯一的方法是在expose_php = Off的php.ini中，并且

I was shocked to discover that this does work on a lot of websites, including my own. I think this is idiotic and want to disable it, but from what I hear the only way to do it is in php.ini with expose_php = Off, and it can't be set at runtime with ini_set().

我无法直接访问实时服务器上的php.ini.但是，我已经弄清楚了如何通过使用

I don't have direct access to php.ini on the live server. I have, however, figured out how to unset the X-Powered-By header by using Header unset X-Powered-By in .htaccess, or header('X-Powered-By: ') in the PHP code.

是否还有其他方法可以禁用这些复活节彩蛋"，或者是否必须在主php.ini中更改此设置(这确实是禁用这些URL的正确/唯一方法)?

Is there any other way I can disable these "easter eggs", or do I have to get this setting changed in the main php.ini (and is that indeed the correct/only way to disable these URLs)?

推荐答案

一个快速的HTACCESS全局重写可以从每个URL中正则表达式确切的字符串，从而摆脱了PHP唯一有趣的部分，而无需触摸ini文件，也不需要功能在每个文件的开头.

A quick HTACCESS global rewrite could regex the exact string right out of every URL thus getting rid of the only fun part of PHP without touching the ini file nor needing a function at the beginning of every file.

尚未对此进行测试，但这应该可以工作:

Haven't tested this yet, but this should work:

RewriteEngine On
RewriteCond %{QUERY_STRING} \PHPE9568F36-D428-11d2-A769-00AA001ACF42\ [NC]
RewriteRule .* - [F]

当然，只需为每个其他可能的查询复制最后两行，或编写一个更通用的正则表达式.我对正则表达式不好. :)

Of course, just copy the last 2 lines for each of the other possible queries, or write a more generic regex. I'm not good with regex. :)

此版本涵盖了所有的复活节彩蛋乐趣，并且被发现这里:

This version covers all of the easter egg fun and was found here:

RewriteEngine On
RewriteCond %{QUERY_STRING} \=PHP[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12} [NC]
RewriteRule .* - [F]

这篇关于如何禁用PHP的“复活节彩蛋"?网址?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！