On Sun, Jan 29, 2012 at 5:38 PM, Tedd Sperling <tedd.sperl...@gmail.com> wrote:
> On Jan 27, 2012, at 12:45 PM, Adam Richardson wrote:
>> On Fri, Jan 27, 2012 at 12:09 PM, Tedd Sperling <tedd.sperl...@gmail.com>
>> On Jan 11, 2012, at 9:24 PM, tamouse mailing lists wrote:
>> > Is there ever a case where SCRIPT_NAME does not equal PHP_SELF?
>> Was this ever answered? I would like to know.
>> Yep, can be different:
> I should have been more clear -- I understand:
> [PHP_SELF] => /test.php/foo/bar
> [SCRIPT_NAME] => /test.php/
> by practice is different.
> I should have used basename() in my question.
> The main point I was trying to get was which one is more secure and not
> subject to cross-site scripting or other such security issues?
> IOW, if you had to bet your life on it, which would be most secure in
> reporting an accurate basename()?
I don't think basename() makes much sense here, does it?
basename($_SERVER['PHP_SELF']) would give bar on your first example.
To answer your question about XSS or other security issues, it all
depends on how you use the info afterwards.
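An added illustration of the two points in the reply above (not code from the thread): with constructed $_SERVER values for a hypothetical /form.php, basename() of PHP_SELF returns the trailing segment the client put in the URL, and either value is only safe in HTML once it is escaped for the place it is written into. The helper names attr() and report() are hypothetical.

```php
<?php
// Constructed sample values (not captured from a real server). They model a
// request whose URL carries extra path segments after the script name; those
// segments are chosen by the client and show up in PHP_SELF.
$server = [
    'PHP_SELF'    => '/form.php/foo/"><b>',
    'SCRIPT_NAME' => '/form.php',
];

// Hypothetical helper: escape a value for use inside a quoted HTML attribute.
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical helper: collect what each variable yields and how it renders.
function report(array $server): array
{
    return [
        // basename() keeps only the last path segment, so for PHP_SELF it
        // returns the client-supplied tail, not the script's file name.
        'basename(PHP_SELF)'    => basename($server['PHP_SELF']),
        'basename(SCRIPT_NAME)' => basename($server['SCRIPT_NAME']),
        // Written into markup as-is, the quote in the value ends the attribute.
        'unescaped form tag'    => '<form action="' . $server['PHP_SELF'] . '">',
        // Escaped at the point of output, the same value stays inside it.
        'escaped form tag'      => '<form action="' . attr($server['PHP_SELF']) . '">',
        // A fixed target avoids depending on the request path at all.
        'script-only form tag'  => '<form action="' . attr($server['SCRIPT_NAME']) . '">',
    ];
}

foreach (report($server) as $label => $value) {
    echo str_pad($label, 24), $value, PHP_EOL;
}
```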