Home » Imported messages » comp.lang.php » Good code or bad code?
Re: Good code or bad code? [message #170189 is a reply to message #170187] Sun, 17 October 2010 13:12
MikeB
Jerry Stuckle wrote:
> On 10/17/2010 12:20 AM, MikeB wrote:
>> I'm mostly playing with PHP to get a feeling for coding in it.
>>
>> So as part of all this URI/URL/redirect stuff I spent some time looking
>> at the contents of $_SERVER and I came up with this code to find the
>> filename of the file I'm invoked from. Now one condition that I wanted
>> to cater for was if the filename had multiple "."s in the name, for
>> instance myfile.inc.php, or something like this.
>>
>> So I came up with this piece of code.
>>
>> $uriParts = explode("/",$_SERVER['REQUEST_URI']);
>> $thisFile = substr(end($uriParts),0,(strlen(end($uriParts))) -
>> (strlen(end($uriParts))- strrpos(end($uriParts),'.')));
>>
>> So I was wondering if that is good code or if I could have written it
>> better, since looking at it it is quite hard to understand.
>>
>> Thanks
>> MikeB
>>
>> I'll go away again for a while after this, I probably have been relying
>> on all y'alls good graces too much again.
>
> In addition to what Hammish said, this information is sent by the
> browser and cannot be trusted. Some browsers may not send it, and if it
> is sent, it may be falsified (i.e. by a hacker).
>

I said I would shut up for a while, but now you bring up something else.

I wrote that code to find the filename (e.g. index) so that I could
dynamically derive the name of an accompanying template file.

So if I'm running from index.php, I could derive index.tpl for a Smarty
template to accompany the php file.

If a hacker falsifies this, the template won't match the php file
creating the output and the page (s)he sees will be all messed up.

So that brings up two questions:

1. Is there a better way to dynamically derive a base filename? E.g. is
there a php function that I can use to get the name of the executing
file? That may be better/safer then.

2. Is the risk of this being hacked sufficient that I should rather
statically code the template filename and then go through the hassle of
recoding the name every time I change (or move) the base file around?

I'm not sure that there is a risk to a website if the Smarty template
gets messed up, but I can see that there might be other uses that could
be more risky, so I'll certainly bear that in mind.
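
An added example (not part of the original thread) showing, in PHP, how a template name derived from REQUEST_URI varies with the request while one derived from the script's own path does not. The function names, sample URIs, file paths and the allowlist are assumptions constructed for illustration.

```php
<?php
// Added example; function names and sample values are constructed.

// The approach from the quoted post, simplified: take the last URI segment
// and cut it at its last dot. REQUEST_URI includes the query string.
function templateFromRequestUri(string $requestUri): string
{
    $uriParts = explode('/', $requestUri);
    $last = end($uriParts);
    $dot = strrpos($last, '.');
    return ($dot === false ? $last : substr($last, 0, $dot)) . '.tpl';
}

// Server-side alternative: derive the name from the script's path on disk,
// then accept it only if it is a template the application knows about.
function templateFromScript(string $scriptPath, array $allowed): string
{
    // PATHINFO_FILENAME strips only the last extension: myfile.inc.php -> myfile.inc
    $tpl = pathinfo($scriptPath, PATHINFO_FILENAME) . '.tpl';
    if (!in_array($tpl, $allowed, true)) {
        throw new RuntimeException("No template registered for $scriptPath");
    }
    return $tpl;
}

$allowed = ['index.tpl', 'myfile.inc.tpl']; // constructed allowlist

// Constructed request URIs. Assumption: the server routes all of them to
// index.php (the trailing-path form depends on server configuration).
$samples = [
    '/index.php',
    '/index.php?page=2.5',
    '/index.php?next=/admin/login.php',
    '/index.php/extra/other.php',
];
foreach ($samples as $uri) {
    printf("%-36s => %s\n", $uri, templateFromRequestUri($uri));
}

// The script's own path is not affected by what the client requested.
echo templateFromScript('/var/www/site/index.php', $allowed), "\n";
echo templateFromScript('/var/www/site/myfile.inc.php', $allowed), "\n";

// In a real page, pass __FILE__ (the file containing the call) or
// $_SERVER['SCRIPT_FILENAME'] (the entry script) instead of a literal path.
```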