  1. #1

    Can $_SERVER['DOCUMENT_ROOT'] be trusted?

    I keep reading that we can't always trust what's returned in $_SERVER.

    That's fine, but I'm still unclear, however, whether this applies to all its values, or only to some.

    Is $_SERVER['DOCUMENT_ROOT'] foolproof, for example, or should I be wary of depending on it for finding absolute paths?

  • #2
    xconspirisist
    On the whole, $_SERVER can be trusted to be accurate, but may contain dangerous values. DOCUMENT_ROOT should always be sane because it is a local filesystem path that does not come from the client. Bear in mind that keys such as REQUEST_URI are essentially provided by the client and should be filtered.

    DOCUMENT_ROOT is defined in your configuration file, so, do you trust yourself?

    http://uk2.php.net/manual/en/reserve...les.server.php

  • #3
    Quote: "DOCUMENT_ROOT is defined in your configuration file, so, do you trust yourself?"
    LOL.

    Well, that's thrown me!

    I've been using the constants DOCUMENT_ROOT and SERVER_NAME on the presumption that they're inbuilt constants of PHP's, and were somehow being calculated by PHP for me.
    Are you telling me that they are defined in php.ini?

    While we're at it, I'd appreciate someone giving the following the once-over... Any suggestions for improvements / words of caution about calculating these constants as I'm doing?

    PHP Code:
    define('ABS_ROOT', $_SERVER['DOCUMENT_ROOT'].DIRECTORY_SEPARATOR);
    //= /home/user/public_html/domain/

    define('ROOT', substr($_SERVER['DOCUMENT_ROOT'], (strrpos($_SERVER['DOCUMENT_ROOT'], '/')+1)).DIRECTORY_SEPARATOR);
    //= domain/

    define('URL', 'http://'.$_SERVER['SERVER_NAME'].DIRECTORY_SEPARATOR);
    //= http://www.domain/

    define('DOMAIN', (substr($_SERVER['SERVER_NAME'], 0, 4) != 'www.') ? $_SERVER['SERVER_NAME'] : substr($_SERVER['SERVER_NAME'], 4));
    //= domain

    define('SHARED', ABS_ROOT.'shared'.DIRECTORY_SEPARATOR);
    //= /home/user/public_html/domain/shared/  ("shared/" being a symlink)
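
An added example (not code from the thread) that derives the same five values with checks. It goes beyond the question by also validating SERVER_NAME, which on some server configurations reflects the client's Host header. `site_paths()` and `ALLOWED_HOSTS` are hypothetical names, and the sample input is constructed.

```php
<?php
// Hypothetical allowlist: the host names this site is meant to answer to.
const ALLOWED_HOSTS = ['www.example.com', 'example.com'];

/**
 * Build the thread's path/URL values from a $_SERVER-style array.
 * Throws instead of returning values derived from an unexpected host or root.
 */
function site_paths(array $server, array $allowedHosts = ALLOWED_HOSTS): array
{
    // DOCUMENT_ROOT is set by the web server configuration, but normalise it.
    // realpath('') would return the current directory, so reject empty first.
    $raw  = (string)($server['DOCUMENT_ROOT'] ?? '');
    $root = $raw === '' ? false : realpath($raw);
    if ($root === false || !is_dir($root)) {
        throw new RuntimeException('DOCUMENT_ROOT is missing or not a directory');
    }

    // SERVER_NAME can mirror the client's Host header (e.g. Apache with
    // UseCanonicalName Off), so accept only names from the allowlist.
    $host = strtolower((string)($server['SERVER_NAME'] ?? ''));
    if (!in_array($host, $allowedHosts, true)) {
        throw new RuntimeException('Unexpected SERVER_NAME');
    }

    return [
        'ABS_ROOT' => $root . DIRECTORY_SEPARATOR,
        'ROOT'     => basename($root) . DIRECTORY_SEPARATOR,
        // URLs always use "/", whatever DIRECTORY_SEPARATOR is on this OS.
        'URL'      => 'http://' . $host . '/',
        'DOMAIN'   => strncmp($host, 'www.', 4) === 0 ? substr($host, 4) : $host,
        'SHARED'   => $root . DIRECTORY_SEPARATOR . 'shared' . DIRECTORY_SEPARATOR,
    ];
}

// Constructed sample input so the example runs from the CLI without a web server.
$sample = ['DOCUMENT_ROOT' => sys_get_temp_dir(), 'SERVER_NAME' => 'WWW.Example.com'];
print_r(site_paths($sample));

// A host name outside the allowlist is rejected rather than baked into URL/DOMAIN.
try {
    site_paths(['DOCUMENT_ROOT' => sys_get_temp_dir(), 'SERVER_NAME' => 'unexpected.invalid']);
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```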

