如何禁用 PHP 的“复活节彩蛋”网址?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/10458610/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How can I disable PHP's "easter egg" URLs?
提问by Wesley Murch
I recently found out about the so-called "easter egg URLs"in PHP:
我最近发现了PHP 中所谓的“复活节彩蛋 URL”:
These are the four QUERY strings you can add to the end of a PHP web page to view a (somewhat) hidden image or web page:
这些是四个 QUERY 字符串,您可以添加到 PHP 网页的末尾以查看(有点)隐藏的图像或网页:
?=PHPE9568F36-D428-11d2-A769-00AA001ACF42
?=PHPE9568F36-D428-11d2-A769-00AA001ACF42
This one is the most interesting, and displays an "easter egg" image of either a rabbit in a house (Sterling Hughes' rabbit, named Carmella), a brown dog in the grass, a black Scottish Terrier dog, a sloppy child hand-drawn, crayon-colored php logo, a guy with breadsticks (looks like pencils or french fries) sticking out of his mouth like a walrus, or a PHP elephant logo.
这个是最有趣的,它展示了一个“复活节彩蛋”图像,要么是房子里的兔子(斯特林休斯的兔子,名叫卡梅拉),要么是草地上的棕色狗,要么是黑色的苏格兰梗犬,要么是一只邋遢的孩子手——绘制的蜡笔色 php 徽标、一个像海象一样从嘴里伸出面包棒(看起来像铅笔或炸薯条)的家伙,或者是 PHP 大象徽标。
Others include:
其他包括:
?=PHPE9568F34-D428-11d2-A769-00AA001ACF42(PHP Logo)?=PHPE9568F35-D428-11d2-A769-00AA001ACF42(Zend logo)?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000(PHP Credits)
?=PHPE9568F34-D428-11d2-A769-00AA001ACF42(PHP 标志)?=PHPE9568F35-D428-11d2-A769-00AA001ACF42(禅德标志)?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000(PHP 积分)
I was shocked to discover that this does work on a lot of websites, including my own. I think this is idiotic and want to disable it, but from what I hear the only way to do it is in php.ini with expose_php = Off, and it can't be set at runtimewith ini_set().
我震惊地发现这在很多网站上都有效,包括我自己的。我认为这是愚蠢的,想要禁用它,但据我所知,唯一的方法是在 php.ini 中使用expose_php = Off,并且不能在运行时使用ini_set().
I don't have direct access to php.ini on the live server.I have, however, figured out how to unset the X-Powered-Byheader by using Header unset X-Powered-Byin .htaccess, or header('X-Powered-By: ')in the PHP code.
我无法直接访问实时服务器上的 php.ini。但是,我已经弄清楚如何X-Powered-By通过使用Header unset X-Powered-Byin.htaccess或header('X-Powered-By: ')在 PHP 代码中取消设置标头。
Is there any other way I can disable these "easter eggs", or do I have to get this setting changed in the main php.ini(and is that indeed the correct/only way to disable these URLs)?
有没有其他方法可以禁用这些“复活节彩蛋”,或者我是否必须在主要更改此设置php.ini(这确实是禁用这些 URL 的正确/唯一方法)?
采纳答案by DanRedux
A quick HTACCESS global rewrite could regex the exact string right out of every URL thus getting rid of the only fun part of PHP without touching the ini file nor needing a function at the beginning of every file.
快速的 HTACCESS 全局重写可以将每个 URL 中的确切字符串进行正则表达式,从而摆脱 PHP 唯一有趣的部分,而无需触及 ini 文件,也不需要每个文件开头的函数。
Haven't tested this yet, but this should work:
尚未对此进行测试,但这应该有效:
RewriteEngine On
RewriteCond %{QUERY_STRING} \PHPE9568F36-D428-11d2-A769-00AA001ACF42\ [NC]
RewriteRule .* - [F]
Of course, just copy the last 2 lines for each of the other possible queries, or write a more generic regex. I'm not good with regex. :)
当然,只需为每个其他可能的查询复制最后 2 行,或者编写更通用的正则表达式。我不擅长正则表达式。:)
This version covers all of the easter egg fun and was found here:
RewriteEngine On
RewriteCond %{QUERY_STRING} \=PHP[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12} [NC]
RewriteRule .* - [F]
回答by Ryan
in php.ini
在 php.ini
; Decides whether PHP may expose the fact that it is installed on the server
; (e.g. by adding its signature to the Web server header). It is no security
; threat in any way, but it makes it possible to determine whether you use PHP
; on your server or not.
; http://php.net/expose-php
expose_php = Off
This will effectively remove the easter eggs
这将有效地去除复活节彩蛋
回答by chiliNUT
Update: This is removed in PHP 5.5, note how these links no longer work on php.net
更新:这在 PHP 5.5 中被删除,注意这些链接如何在 php.net 上不再工作
回答by Martin Cross
Not sure about your case, but it's work for my site. Hope, it will work for your site as well as.
不确定您的情况,但它适用于我的网站。希望它也适用于您的网站。
RewriteEngine On
RewriteCond %{QUERY_STRING} \PHPE9568F36-D428-11d2-A769-00AA001ACF42\ [NC]
RewriteRule .* - [F]
Of course, just copy the last 2 lines for each of the other possible queries or write a more generic regex. I'm not good with regex. :)
当然,只需为每个其他可能的查询复制最后 2 行或编写更通用的正则表达式。我不擅长正则表达式。:)
