| Re: When is it possible for $_SERVER['SERVER_NAME'] to contain something other than the URL which actvated the script? [message #179858 is a reply to message #179857] |
Wed, 12 December 2012 17:22   |
Tony Marston
Messages: 57
Registered: November 2010
Karma:
|
Member |
|
|
"Scott Johnson" wrote in message news:kaa0on$qjt$1(at)dont-email(dot)me...
>
> On 12/11/2012 11:25 PM, Tony Marston wrote:
>
>>> You may try phpinfo() to get the full list of data/variables set by
>>> your server. Some here may ask for that info to help you further.
>>
>> The output from phpinfo() looks perfectly normal and correct. It shows
>> the expected values for SERVER_NAME and HTTP_HOST.
>>
>
> If you are getting the right value in SERVER_NAME and HTTP_HOST using
> phpinfo() but are then getting a different value when you use the same
> variable in your script, then you have an error in your script.
These is no error in the script as it runs perfectly for thousands of
requests, but occasionally it fails because $_SERVER['SERVER_NAME'] and
$_SERVER['HOST_NAME'] contain values which are different from those which I
expect and which are reported by phpinfo(). It appears that is *IS* possible
for the client to spoof these values, as reported in
http://shiflett.org/blog/2006/mar/server-name-versus-http-host
> You may somewhere be setting the variables when you think you may be
> comparing them.
>
> if(SERVER_NAME = 'blabla')... set
>
> if(SERVER_NAME == 'blabla')... compare
>
--
Tony Marston
http://www.tonymarston.net
http://www.radicore.org
|
|
|
|
Calendar
Search
Help
Members
Register
Login
Home
]