ID: 40853 User updated by: ng4rrjanbiah at rediffmail dot com Reported By: ng4rrjanbiah at rediffmail dot com Status: Open Bug Type: Feature/Change Request PHP Version: 5.2.1 New Comment:
Is this request need any further input from me? Thanks, R. Rajesh Jeba Anbiah Previous Comments: ------------------------------------------------------------------------ [2007-03-20 14:31:24] ng4rrjanbiah at rediffmail dot com The function name can be get_script_env() instead of get_project_env() (for clarity, if you want) Thanks, R. Rajesh Jeba Anbiah ------------------------------------------------------------------------ [2007-03-19 13:52:18] ng4rrjanbiah at rediffmail dot com Description: ------------ Why needed: There is no reliable mechanism in PHP to get the current executing script name. $_SERVER['SCRIPT_FILENAME'] and $_SERVER['argv'][0] are not reliable now; the variables are again prone to tampering (say for example, any including scripts could override these global vars for that file scope). Implementation of this function might also solve XSS issues. How this function has to be implemented: If the current accessed URI is 'http://example.com/foo_project/foobar.php?php=1&ajax=0' get_project_env() returns 'current_uri' => 'http://example.com/foo_project/foobar.php?php=1&ajax=0', 'current_accessing_script' => '/foo_project/foobar.php', 'current_file' => '/foo_project/foobar.php', //will be different if the file is included (__FILE__) 'current_include_depth' => 0 //will be different if it's included by the accessing script What urged me to post this request: I have the file architecture something like: <?php //foo.php include './config.php'; include './license_check.php'; //blah... the rest of the proprietary codes. ?> All files except config.php and say foobar.php will be encrypted for proprietary reasons. I need to check if the accessing script is 'foobar.php' inside the license_check.php; see, the user can still access to the config.php and can tamper the $_SERVER--which is the only way now to get the current accessing script, AFA*I*K. In this case, if I have get_project_env(), it will return untampered current URI, accessing script, etc. This will be very helpful. Thanks, R. Rajesh Jeba Anbiah ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=40853&edit=1
