Daniel Convissor wrote: > On Fri, Dec 29, 2006 at 11:13:00AM -0500, Dan Cech wrote: >> I'm not 100% sure what the solution to this problem is. Right now the >> only thing I can think of is to try and figure out the common part of >> PHP_SELF and SCRIPT_NAME, so as to drop both the extra filesystem info >> and any url garbage, but that seems pretty fragile to me. > > I always use the __FILE__ constant. Can't be touched by user input. The > basename() and dirname() are handy to use along with it.
Yes, If you want the full filename (including filesystem path) __FILE__ is indispensable, and basename(__FILE__) is the best way to get the name of the currently running script. The problem comes when you're attempting to construct the correct absolute URL for a given file. When running php as a cgi there doesn't seem to be a method of achieving this securely, as in this setup $_SERVER['SCRIPT_NAME'] will contain the php interpreter, like '/php-cgi'. Bottom line is that if your script will be run under php-cgi you must not use SCRIPT_NAME, so we're back to square one. Dan _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php
