On Dec 29, 2006, at 2:00 PM, Dan Cech wrote:
I always use the __FILE__ constant. Can't be touched by user
input. The
basename() and dirname() are handy to use along with it.
The problem comes when you're attempting to construct the correct
absolute URL for a given file. When running php as a cgi there
doesn't
seem to be a method of achieving this securely, as in this setup
$_SERVER['SCRIPT_NAME'] will contain the php interpreter, like '/
php-cgi'.
What about using $_SERVER['DOCUMENT_ROOT'] like this?
$absoluteUrl = str_replace($_SERVER['DOCUMENT_ROOT'], '', __FILE__);
You should probably use preg_replace() to make sure it only strips
off the beginning of the string, but you get the idea. I don't know
how reliable DOCUMENT_ROOT is, but you could get around that by
explicitly providing the document root for your site as a
configurable constant.
define('MYSITE_DOC_ROOT', '/path/to/site/root');
$absoluteUrl = preg_replace('#^'.MYSITE_DOC_ROOT.'#', '', __FILE__);
-- Dell
_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk
NYPHPCon 2006 Presentations Online
http://www.nyphpcon.com
Show Your Participation in New York PHP
http://www.nyphp.org/show_participation.php
