如何在 PHP 中识别请求的页面
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/980018/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How To Identify The Requested Page In PHP
提问by dimo414
Is there any easy way to identify the file initially handling the request, ignoring get arguments and handling (at least basic) mappings like /to /index.php?
有没有什么简单的方法可以识别最初处理请求的文件,忽略获取参数和处理(至少是基本的)映射,比如/to /index.php?
Ideally what I'm looking for is something like $_SERVER['REQUEST_URI'], except it returns the same value regardless of the get arguments and that value is the file requested, not the URI, nor the currently executing file ($_SERVER['PHP_SELF']). In other words, a $_SERVER['REQUESTED_FILE']or something. I haven't seen anything like that. Does it exist, or do I need to write something manually?
理想情况下,我正在寻找的是类似于$_SERVER['REQUEST_URI'],除了它返回相同的值而不管 get 参数如何,并且该值是请求的文件,而不是 URI,也不是当前正在执行的文件 ( $_SERVER['PHP_SELF'])。换句话说,一个$_SERVER['REQUESTED_FILE']或某物。我没见过那样的东西。它是否存在,还是我需要手动编写一些东西?
UpdateHere are some example URLs paired with what I would like the result to be:
更新以下是一些与我希望结果配对的示例 URL:
example.com/mypage.php : /mypage.php
example.com/ : /index.php
example.com/foo/?hello=world : /foo/index.php
And these return values are true even in included files. See my answer below before answering, I think I've found what I was looking for.
即使在包含的文件中,这些返回值也是真实的。在回答之前请参阅下面的答案,我想我已经找到了我要找的东西。
回答by dimo414
I decided to test it out myself. The $_SERVER['SCRIPT_NAME']variable serves up the path to the requested file, even if it's an index file, and without get parameters or anything else. The PHP documentation states this contains the pathof the file, but it seems to be relative to the document root, just like PHP_SELF, but without the security vulnerability.
我决定自己测试一下。该$_SERVER['SCRIPT_NAME']变量提供了所请求文件的路径,即使它是一个索引文件,并且没有获取参数或其他任何东西。PHP 文档声明这包含文件的路径,但它似乎是相对于文档根目录的,就像PHP_SELF,但没有安全漏洞。
Here is the code I used to test this: https://gist.github.com/dimo414/5484870
这是我用来测试的代码:https: //gist.github.com/dimo414/5484870
The output when requesting example.com/?foo=bar:
请求时的输出example.com/?foo=bar:
__FILE__: /var/www/index.php
PHP_SELF: /index.php
SCRIPT_NAME: /index.php
REQUEST_URI: /?foo=bar
parse_url(REQUEST_URI): /
__FILE__: /var/www/pathtest.php
PHP_SELF: /index.php
SCRIPT_NAME: /index.php
REQUEST_URI: /?foo=bar
parse_url(REQUEST_URI): /
And the output when requesting example.com/index.php/<strong>XSS</strong>:
以及请求时的输出example.com/index.php/<strong>XSS</strong>:
__FILE__: /var/www/index.php
PHP_SELF: /index.php/XSS # note the XSS exploit (this is bold in browser)
SCRIPT_NAME: /index.php # No exploit here
REQUEST_URI: /index.php/%3Cstrong%3EXSS%3C/strong%3E
parse_url(REQUEST_URI): /index.php/%3Cstrong%3EXSS%3C/strong%3E
__FILE__: /var/www/pathtest.php
PHP_SELF: /index.php/XSS
SCRIPT_NAME: /index.php
REQUEST_URI: /index.php/%3Cstrong%3EXSS%3C/strong%3E
parse_url(REQUEST_URI): /index.php/%3Cstrong%3EXSS%3C/strong%3E
As you can see, $_SERVER['SCRIPT_NAME']always gives back the file that originally handled the request, i.e. the file in the URL, without any XSS risks.
如您所见,$_SERVER['SCRIPT_NAME']始终返回最初处理请求的文件,即 URL 中的文件,没有任何 XSS 风险。
回答by Oli
$_SERVER['PHP_SELF']
Should return the actual script. But there are various methods.
应该返回实际的脚本。但是有各种各样的方法。
I had a better link to a matrix of all the various file-related environment variables but I can't find it. I'll edit if it turns up.
我有一个更好的链接到所有各种文件相关的环境变量的矩阵,但我找不到它。如果它出现,我会编辑。
Edit: I found a nice SO thread that details the differences between them.
编辑:我发现了一个很好的 SO 线程,详细说明了它们之间的差异。
回答by Somnath
Go get file name from the requested URL use following code.
使用以下代码从请求的 URL 中获取文件名。
basename($_SERVER['URL']);
basename($_SERVER['REQUEST_URI']);
basename($_SERVER['SCRIPT_NAME']);
basename($_SERVER['SCRIPT_FILENAME']);
basename($_SERVER['REQUEST_URI']);
basename($_SERVER['PATH_TRANSLATED']);
basename($_SERVER['PHP_SELF']);
use any one all all of those in the nested if condition so you will not miss file name any how.
在嵌套的 if 条件中使用任何一个所有这些,这样你就不会错过任何文件名。
回答by Jet
parse_url($_SERVER['REQUEST_URI'])and thenpathinfo($path)to get requested filename$_SERVER['PHP_SELF']to get real filename$_SERVER['SCRIPT_NAME']to get real filename
parse_url($_SERVER['REQUEST_URI'])然后pathinfo($path)获取请求的文件名$_SERVER['PHP_SELF']获取真实文件名$_SERVER['SCRIPT_NAME']获取真实文件名
回答by Ashman Malhotra
Its very old question and not very clear too. What I understood is that you want to know which page is sending request GET/POST. This can be implemented by:
它的问题很老,也不是很清楚。我的理解是,您想知道哪个页面正在发送请求 GET/POST。这可以通过以下方式实现:
$_SERVER['HTTP_REFERER']
$_SERVER['HTTP_REFERER']
Now, to get the actual page name, write like: = basename($_SERVER['HTTP_REFERER']);
现在,要获取实际的页面名称,请编写如下: = basename($_SERVER['HTTP_REFERER']);
This will solve you concern.
这将解决您的担忧。
