httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michael B Allen <iop...@gmail.com>
Subject Re: [users@httpd] Invoking PHP without .php extension?
Date Thu, 07 Jul 2011 23:54:32 GMT
On Thu, Jul 7, 2011 at 7:02 PM, Devraj Mukherjee <devraj@gmail.com> wrote:
> Hi,
>
> If your Rewrite rule reads something like this
>
> RewriteRule ^api/(.*) api-gateway.php   [L]
>
> Then basically you can extract the last few bit using regular
> expression in our case
>
> $urlParts = null;
> preg_match('/api\/([^\/]+)\/([0-9]+)*/', $_SERVER['REQUEST_URI'], $urlParts);
> $handlerName = count($urlParts) > 1 ? $urlParts[1] : null;
> $identifier = count($urlParts) > 2 ? $urlParts[2] : null;
>
> I would strongly suggest that you use Rewrite rules to achieve this.
> Allowing arbitary patterns to use the PHP parser could be an issue
> from a security standpoint.

So asking the admin to mod_rewrite the .php script into the URI and
then having the developer to reverse the rewrite rule within the
script is more secure? I don't think so.

This is a wreck and I must say I don't think it has much to do with
PHP. It has to do with the CGI model which is all but dead.

Mike

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message