Trying to find info about this, but searching for '///' or for 'tripple
slash' doesn't provide relevant answers. Can anyone please point me in the
right direction?
A simple script, called debug.php, shows some variables. I can call this
script using http://server/debug/show.php or using http://server/debug/show
Also I can add more to the URL, and the script is still called. So far so
good.
_SERVER["REQUEST_URI"]=/debug/show/a/b/c
_SERVER["SCRIPT_NAME"]=/debug/show.php
_SERVER["REQUEST_URI"]=/debug/show//a/b/c
_SERVER["SCRIPT_NAME"]=/debug/show.php
The problem starts when adding three or more slashes:
_SERVER["REQUEST_URI"]=/debug/show///a/b/c
_SERVER["SCRIPT_NAME"]=/debug/show/show.php
See how script_name suddenly has an extra '/show' in it?
This doesn't happen when I use the full script name:
_SERVER["REQUEST_URI"]=/debug/show.php///a/b/c
_SERVER["SCRIPT_NAME"]=/debug/show.php/
Is this a bug, or is this expected behaviour?
I also see a problem with PHP_SELF on one machine but not on another:
_SERVER["REQUEST_URI"]=/debug/show.php
_SERVER["PHP_SELF"]=/debug/show.php
_SERVER["REQUEST_URI"]=/debug/show.php/
_SERVER["PHP_SELF"]=/
Please point me into the right direction, currently I have no idea if I have
to look at apache's configuration, PHP, or if this is expected behaviour
(and, if so, why).
TIA
Hi,
I bet you are using mod_rewrite for apache.
Have a look at the rewrite rules and conditions in your apache config.
Post it here if you are in doubt. Or better here: alt.apache.configuration
Good luck.
Regards,
Erwin Moller
--
============================
Erwin Moller
Now dropping all postings from googlegroups.
Why? http://improve-usenet.org/
============================
"Erwin Moller" <Si******************************************@spamyourself.com> wrote in message news:48*********************@news.xs4all.nl...
> I bet you are using mod_rewrite for apache.
> Have a look at the rewrite rules and conditions in your apache config.
> Post it here if you are in doubt. Or better here: alt.apache.configuration
Thanks but no.
One machine is the provider's. I cannot look there.
The other one is my home box, this one doesn't do rewriting AFAICT. Just to
be sure: I placed RewriteLogLevel 2 and RewriteLog logs/rewrite in the
config and that log stays empty.
Then I commented everything having to do with rewriting out, and restarted
apache. Before and after the following happens on my machine:
_SERVER["REQUEST_URI"]=/debug/one/two///three/four
_SERVER["SCRIPT_NAME"]=/debug/one/two/debug.php
_SERVER["PHP_SELF"]=/debug/one/two/debug.php/one/two/three/four
"Erwin Moller" <Si******************************************@spamyourself.com> wrote in message news:48*********************@news.xs4all.nl...
> mijn naam wrote:
>> "Erwin Moller" <Si******************************************@spamyourself.com> wrote in message news:48*********************@news.xs4all.nl...
>>> I bet you are using mod_rewrite for apache. Have a look at the rewrite rules and conditions in your apache config. Post it here if you are in doubt. Or better here: alt.apache.configuration
>> Thanks but no.
>> One machine is the provider's. I cannot look there.
>> The other one is my home box, this one doesn't do rewriting AFAICT. Just to be sure: I placed RewriteLogLevel 2 and RewriteLog logs/rewrite in the config and that log stays empty.
>> Then I commented everything having to do with rewriting out, and restarted apache. Before and after the following happens on my machine:
>> _SERVER["REQUEST_URI"]=/debug/one/two///three/four
>> _SERVER["SCRIPT_NAME"]=/debug/one/two/debug.php
>> _SERVER["PHP_SELF"]=/debug/one/two/debug.php/one/two/three/four
> Hi Stranger,
> And what URL are you feeding exactly that gives the above result?
http://hostname/debug/one/two///three/four
in other words: http://{$_SERVER["SERVER_NAME"]}{$_SERVER["REQUEST_URI"]}
> And secondly: What is it exactly you are trying to achieve?
> Do you have an actual problem or is this just research?
I'm writing a script which is going to be used to find files in a directory
structure. That script looks like a subdirectory in the normal tree.
E.g. http://servername/content/a/b/c/d will look at
/home/user/private_html/a/b/c/d
While testing my script with various different problems ('never trust user
input') I found the problem I'm trying to tackle.
I was using _SERVER["SCRIPT_NAME"] but obviously I run into trouble if I
can't rely on its contents.
The only workaround I've found so far is to
redirect(ereg_replace('///*','/',$_SERVER["REQUEST_URI"])) in case I find
two slashes in a row in request_uri. Not a nice solution but it seems to do
the job.
> PS: Please 'mijn naam', use a (real) name, that makes conversations in
> here a bit more pleasant. ;-)
Just call me 'Mijn'. No problem.
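The URL-to-directory mapping and the slash-cleaning redirect described in the post above can be written so that they depend only on REQUEST_URI and never on SCRIPT_NAME or PHP_SELF. This is an added example, not code from any poster in this thread; `URL_PREFIX`, `resolve_request()` and the temporary demo directory are assumptions made for illustration, and `preg_replace` stands in for the `ereg_replace` call quoted above.

```php
<?php
declare(strict_types=1);

// Assumption: the script answers under this URL prefix (hypothetical name).
const URL_PREFIX = '/content';

// Map a raw REQUEST_URI to a file below $baseDir. Returns an array with a
// 'status' plus 'location' (redirect) or 'path' (resolved file).
function resolve_request(string $requestUri, string $baseDir): array
{
    // Split by hand: parse_url() would read a leading "//" as a host name.
    $parts   = explode('?', $requestUri, 2);
    $rawPath = $parts[0];
    if ($rawPath === '' || $rawPath[0] !== '/') {
        return ['status' => 400];
    }

    // Collapse runs of slashes; if that changed anything, redirect to the
    // clean form so only one spelling of each URL is ever processed.
    $clean = preg_replace('#/{2,}#', '/', $rawPath);
    if ($clean !== $rawPath) {
        $query = isset($parts[1]) ? '?' . $parts[1] : '';
        return ['status' => 301, 'location' => $clean . $query];
    }

    // The path must be the prefix itself or something below it.
    $prefixLen = strlen(URL_PREFIX);
    if (strncmp($clean . '/', URL_PREFIX . '/', $prefixLen + 1) !== 0) {
        return ['status' => 404];
    }

    // Decode once, then refuse NUL bytes, backslashes and dot segments.
    $relative = rawurldecode(substr($clean, $prefixLen));
    if (strpos($relative, "\0") !== false || strpos($relative, '\\') !== false) {
        return ['status' => 400];
    }
    foreach (explode('/', $relative) as $segment) {
        if ($segment === '.' || $segment === '..') {
            return ['status' => 400];
        }
    }

    // realpath() resolves symlinks; the result must still sit under the base.
    $base   = realpath($baseDir);
    $target = $base === false ? false : realpath($base . $relative);
    if ($target === false) {
        return ['status' => 404];
    }
    $inside = strncmp($target, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) === 0;
    if ($target !== $base && !$inside) {
        return ['status' => 403];
    }
    return ['status' => 200, 'path' => $target];
}

// Constructed demo: a throwaway tree standing in for /home/user/private_html.
$base = sys_get_temp_dir() . '/private_html_' . getmypid();
mkdir($base . '/a/b/c', 0700, true);
file_put_contents($base . '/a/b/c/d', 'demo');

$samples = ['/content/a/b/c/d', '/content/a///b/c/d?x=1', '//content/a/b/c/d',
            '/content/a/b/%2e%2e/c/d', '/contentx/a'];
foreach ($samples as $uri) {
    $result = json_encode(resolve_request($uri, $base), JSON_UNESCAPED_SLASHES);
    printf("%-28s %s\n", $uri, $result);
}

unlink($base . '/a/b/c/d');
foreach (['/a/b/c', '/a/b', '/a', ''] as $dir) {
    rmdir($base . $dir);
}
```

In the real script the call would be `resolve_request($_SERVER['REQUEST_URI'], '/home/user/private_html')`, with the 301 case sent as a `Location` header.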
mijn naam wrote:
> "Erwin Moller" <Si******************************************@spamyourself.com> wrote in message news:48*********************@news.xs4all.nl...
>> mijn naam wrote:
>>> "Erwin Moller" <Si******************************************@spamyourself.com> wrote in message news:48*********************@news.xs4all.nl...
>>>> I bet you are using mod_rewrite for apache. Have a look at the rewrite rules and conditions in your apache config. Post it here if you are in doubt. Or better here: alt.apache.configuration
>>> Thanks but no.
>>> One machine is the provider's. I cannot look there.
>>> The other one is my home box, this one doesn't do rewriting AFAICT. Just to be sure: I placed RewriteLogLevel 2 and RewriteLog logs/rewrite in the config and that log stays empty.
>>> Then I commented everything having to do with rewriting out, and restarted apache. Before and after the following happens on my machine:
>>> _SERVER["REQUEST_URI"]=/debug/one/two///three/four
>>> _SERVER["SCRIPT_NAME"]=/debug/one/two/debug.php
>>> _SERVER["PHP_SELF"]=/debug/one/two/debug.php/one/two/three/four
>> Hi Stranger,
>> And what URL are you feeding exactly that gives the above result?
Hi Mijn,
> http://hostname/debug/one/two///three/four
> in other words: http://{$_SERVER["SERVER_NAME"]}{$_SERVER["REQUEST_URI"]}
OK, that makes sense then for $_SERVER["REQUEST_URI"].
I don't see how/why PHP fills $_SERVER["PHP_SELF"] with:
/debug/one/two/debug.php/one/two/three/four
for that URL if you don't play with mod_rewrite.
Your url: http://hostname/debug/one/two///three/four
DOESN'T name any php script, so HOW is this fed to a PHP script without
mod_rewrite???
Are you sure you are telling the whole story?
>> And secondly: What is it exactly you are trying to achieve? Do you have an actual problem or is this just research?
> I'm writing a script which is going to be used to find files in a
> directory structure. That script looks like a subdirectory in the normal
> tree.
> E.g. http://servername/content/a/b/c/d will look at
> /home/user/private_html/a/b/c/d
> While testing my script with various different problems ('never trust
> user input') I found the problem I'm trying to tackle.
> I was using _SERVER["SCRIPT_NAME"] but obviously I run into trouble if I
> can't rely on its contents.
> The only workaround I've found so far is to
> redirect(ereg_replace('///*','/',$_SERVER["REQUEST_URI"])) in case I
> find two slashes in a row in request_uri. Not a nice solution but it
> seems to do the job.
What about simply dismissing a request that has more than one / in the URL?
That must be an invalid request, since (I expect) you deliver the
directory links yourself, and thus correctly formatted.
>> PS: Please 'mijn naam', use a (real) name, that makes conversations in here a bit more pleasant. ;-)
> Just call me 'Mijn'. No problem.
Fine I will call you Mijn.
It just feels a little too intimate since I am Dutch too. ;-)
Regards,
Erwin Moller
--
============================
Erwin Moller
Now dropping all postings from googlegroups.
Why? http://improve-usenet.org/
============================
"Erwin Moller" <Si******************************************@spamyourself.com> wrote in message news:48*********************@news.xs4all.nl...
>> http://hostname/debug/one/two///three/four
>> in other words: http://{$_SERVER["SERVER_NAME"]}{$_SERVER["REQUEST_URI"]}
> OK, that makes sense then for $_SERVER["REQUEST_URI"].
> I don't see how/why PHP fills $_SERVER["PHP_SELF"] with:
> /debug/one/two/debug.php/one/two/three/four
> for that URL if you don't play with mod_rewrite.
I'm sure I disabled mod_rewrite. At the server restart, apache complained
"Invalid command 'RewriteLog', perhaps mis-spelled or defined by a module
not included in the server configuration" (I forgot to remove one such
line at first).
> Your url: http://hostname/debug/one/two///three/four
> DOESN'T name any php script, so HOW is this fed to a PHP script without
> mod_rewrite???
the php script is debug.php ...
> Are you sure you are telling the whole story?
... and apache is setup with options MultiViews. I didn't hide that on
purpose.
> What about simply dismissing a request that has more than one / in the
> URL?
> That must be an invalid request, since (I expect) you deliver the
> directory links yourself, and thus correctly formatted.
That would also be an option. However: nobody's perfect, a mistake is easily
made e.g. $ptr="./{$dir}/{$path}"; what if path starts with a slash, dir
starts or ends with a slash, dir is empty, and so on. Apache couldn't care
less and will happily serve .///something/different.html
mijn naam wrote:
> "Erwin Moller" <Si******************************************@spamyourself.com> wrote in message news:48*********************@news.xs4all.nl...
>>> http://hostname/debug/one/two///three/four
>>> in other words: http://{$_SERVER["SERVER_NAME"]}{$_SERVER["REQUEST_URI"]}
>> OK, that makes sense then for $_SERVER["REQUEST_URI"].
>> I don't see how/why PHP fills $_SERVER["PHP_SELF"] with: /debug/one/two/debug.php/one/two/three/four for that URL if you don't play with mod_rewrite.
> I'm sure I disabled mod_rewrite. At the server restart, apache
> complained "Invalid command 'RewriteLog', perhaps mis-spelled or defined
> by a module not included in the server configuration" (I forgot to
> remove one such line at first).
>> Your url: http://hostname/debug/one/two///three/four DOESN'T name any php script, so HOW is this fed to a PHP script without mod_rewrite???
> the php script is debug.php ...
>> Are you sure you are telling the whole story?
> ... and apache is setup with options MultiViews. I didn't hide that on
> purpose.
>> What about simply dismissing a request that has more than one / in the URL? That must be an invalid request, since (I expect) you deliver the directory links yourself, and thus correctly formatted.
> That would also be an option. However: nobody's perfect, a mistake is
> easily made e.g. $ptr="./{$dir}/{$path}"; what if path starts with a
> slash, dir starts or ends with a slash, dir is empty, and so on. Apache
> couldn't care less and will happily serve .///something/different.html
Note that two slashes, as in http:// is part of the protocol.
If I serve http://some_domain.com//some_path, this will look like http://some_domain.com/http://somepath, or something like that..
I've stayed out of this thread because I'm hazy on this, but you
should be aware that serving two slashes will be interpreted differently
than what you want, it is not directory separator.
Jeff
"Jeff" <jeff@spam_me_not.com> wrote in message news:4p******************************@earthlink.com...
> mijn naam wrote:
>> "Erwin Moller" <Si******************************************@spamyourself.com> wrote in message news:48*********************@news.xs4all.nl...
>>>> http://hostname/debug/one/two///three/four
>>>> in other words: http://{$_SERVER["SERVER_NAME"]}{$_SERVER["REQUEST_URI"]}
>>> OK, that makes sense then for $_SERVER["REQUEST_URI"].
>>> I don't see how/why PHP fills $_SERVER["PHP_SELF"] with: /debug/one/two/debug.php/one/two/three/four for that URL if you don't play with mod_rewrite.
>> I'm sure I disabled mod_rewrite. At the server restart, apache complained "Invalid command 'RewriteLog', perhaps mis-spelled or defined by a module not included in the server configuration" (I forgot to remove one such line at first).
>>> Your url: http://hostname/debug/one/two///three/four DOESN'T name any php script, so HOW is this fed to a PHP script without mod_rewrite???
>> the php script is debug.php ...
>>> Are you sure you are telling the whole story?
>> ... and apache is setup with options MultiViews. I didn't hide that on purpose.
>>> What about simply dismissing a request that has more than one / in the URL? That must be an invalid request, since (I expect) you deliver the directory links yourself, and thus correctly formatted.
>> That would also be an option. However: nobody's perfect, a mistake is easily made e.g. $ptr="./{$dir}/{$path}"; what if path starts with a slash, dir starts or ends with a slash, dir is empty, and so on. Apache couldn't care less and will happily serve .///something/different.html
> Note that two slashes, as in http:// is part of the protocol.
> If I serve http://some_domain.com//some_path, this will look like http://some_domain.com/http://somepath, or something like that..
> I've stayed out of this thread because I'm hazy on this, but you should
> be aware that serving two slashes will be interpreted differently than
> what you want, it is not directory separator.
Not on the apache servers I'm dealing with. You could be right for other
servers.
Anyway, I'm trying to have proper URLs on my end, and at the same time I
want to be prepared if anyone/anybot is trying trickery on me.
For now I'll use that workaround of redirecting to a cleaned up version of
the URI.
But I still would appreciate any insight on the problem I found.
mijn naam wrote:
> "Erwin Moller" <Si******************************************@spamyourself.com> wrote in message news:48*********************@news.xs4all.nl...
>>> http://hostname/debug/one/two///three/four
>>> in other words: http://{$_SERVER["SERVER_NAME"]}{$_SERVER["REQUEST_URI"]}
>> OK, that makes sense then for $_SERVER["REQUEST_URI"].
>> I don't see how/why PHP fills $_SERVER["PHP_SELF"] with: /debug/one/two/debug.php/one/two/three/four for that URL if you don't play with mod_rewrite.
> I'm sure I disabled mod_rewrite. At the server restart, apache
> complained "Invalid command 'RewriteLog', perhaps mis-spelled or defined
> by a module not included in the server configuration" (I forgot to
> remove one such line at first).
>> Your url: http://hostname/debug/one/two///three/four DOESN'T name any php script, so HOW is this fed to a PHP script without mod_rewrite???
> the php script is debug.php ...
>> Are you sure you are telling the whole story?
> ... and apache is setup with options MultiViews. I didn't hide that on
> purpose.
Aaah, Multiviews.
You should have mentioned that earlier.
That must be your problemobfuscator. ;-)
This is what my apache2 tells me (PHP5) when I request: http://www.example.com/test.php/one///two/three
[REQUEST_URI] =/test.php/one///two/three
[PHP_SELF] =/test.php/one///two/three
And I don't use Multiviews.
As you can see, both URI and PHP_SELF contain what you (or at least I)
expected.
I am no expert on Multiviews, but I expect your problem originates
there. Maybe you can configure them differently, or use mod_rewrite
instead if that is an option.
(You can mimic your desired multiview behaviour with mod_rewrite if you
just think up a smart match for the url.)
Good luck.
Regards,
Erwin Moller
>> What about simply dismissing a request that has more than one / in the URL? That must be an invalid request, since (I expect) you deliver the directory links yourself, and thus correctly formatted.
> That would also be an option. However: nobody's perfect, a mistake is
> easily made e.g. $ptr="./{$dir}/{$path}"; what if path starts with a
> slash, dir starts or ends with a slash, dir is empty, and so on. Apache
> couldn't care less and will happily serve .///something/different.html
--
============================
Erwin Moller
Now dropping all postings from googlegroups.
Why? http://improve-usenet.org/
============================