Edit report at https://bugs.php.net/bug.php?id=51290&edit=1
ID: 51290 Updated by: [email protected] Reported by: dev at 10e12 dot net Summary: PHP.net Website Problem -Status: Verified +Status: Closed Type: Bug Package: Website problem Operating System: Win XP 32 w. Opera 9.1 PHP Version: Irrelevant -Assigned To: +Assigned To: bjori Block user comment: N Private report: N New Comment: That warning was fixed looong time ago Previous Comments: ------------------------------------------------------------------------ [2010-03-15 13:19:16] [email protected] Heh. I got that "WARNING: YOU MUST RE-UPLOAD YOUR PATCH, OR IT WILL BE IGNORED" warning too just now. I think its because I failed the CAPTCHA the first time... For the rest of your bug report - I have god honest no idea what you are talking about. ------------------------------------------------------------------------ [2010-03-13 05:44:13] dev at 10e12 dot net Description: ------------ I tried today to submit a note to the documentation section. Now your bug reporting system doesn't accept web error reporting either. It asks me for a patch??? OK Well I'm looking for a job so if you want me to patch your website, I'll apply for that too then. I will attach the post below so you can see if it accidentally hit you more than once. First of all the script complains that the line breaks did not catch properly and I have to reconfirm being human 5 times. In the end the script entry looks like it's formatted for a MOBI server rather than a .NET server. After all, 99.9% of all my site visitors use 1280x1024 or greater in resolution so it feels a bit iffy to struggle on this rudimentary part. Once I got through, the site hung. It just simply would not load the page to confirm the posting was successful for about 4 or 5 minutes. I had time enough to find the bug report section, search it and end up here before it went through. Test script: --------------- The page I submitted was... (in re: http://php.net/manual/en/reserved.variables.php ) --------------------------------------------------------- This spawns off of [Typer85 at gmail dot com] 18-Feb-2008 11:56 below mentioning some oddities about how PHP_SELF worked in tests. I believe you may have a fault in your windows setup. I run Apache 2.2.1 and PHP 5.2.8 on Win XP SP 3 32-bit just fine so the following is written on a Win machine intended to work on NIX boxes as well but I have yet to test this solution. The only difference is the filepath in __FILE__ which shows / instead of \ I hope this will help some newbies too, to find their way around these things. The following should mitigate issues with $_SERVER[PHP_SELF] vs. __FILE__ The potential use for this code: Add the code to the very beginning of an included file and you won't have problems with people trying to execute script paths which should only be INCLUDES in your other pages. Windows styled return on Apache Windows The Calling File--- PHP_SELF --> /xr/index.php The Included File--- __FILE__ --> C:\Program\Apache2.2\htdocs\subpath\included.php <?php /* ------------------------------------------------- NOTE! The script must be entered into the script page you want to protect. It cannot run as an Include as this would cause __FILE__ to always record the included file and not the script page you wish to protect. ------------------------------------------------- */ $XProtect = __FILE__; $pos =strripos($XProtect,'\\'); if ($pos === false){ $pos =strripos($XProtect,'/'); if ($pos !== false){ //get end of string based on NIX filesystem $XProtect = substr($XProtect,$pos+1); }else{ //now this is odd, you don't have a filesystem ??? /*leave as is & drop out or exit here if you want... you decide*/ } }else{ //must be a windows system //get end of string based on WIN filesystem $XProtect = substr($XProtect,$pos+1); } // keep only end of file according to PHP_SELF for check $XFileExec = substr($_SERVER['PHP_SELF'], strlen($_SERVER['PHP_SELF'])-strlen($XProtect)); //here comes the protective part... //bail if calling page is the script itself if ($XFileExec===$XProtect){Exit;} ?> Expected result: ---------------- less errors Actual result: -------------- to many errors ------------------------------------------------------------------------ -- Edit this bug report at https://bugs.php.net/bug.php?id=51290&edit=1 -- PHP Webmaster List Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
