Quick one:
I'm curious if anyone knows of certain circumstances under which $_SERVER['REQUEST_URI'] would contain a different value than $_GET['_uri'], given the following .htaccess for the latter:
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ ?_uri=$1 [L,QSA]
I've been using the latter method $_GET['_uri'], and while I'm aware that mod_rewrite would still be necessary, I'd like to get away from storing the URI as a query parameter.
Well, I've found one I didn't notice before; when the application bootstrap to which mod_rewrite forwards is not in the root web directory, $_SERVER['REQUEST_URI'] contains the parent directories, whereas $_GET['_uri'] only contains the latter URI component. Example:
Bootstrap is
/subdir/index.php
Requestinghttp://localhost/subdir/foo/bar/baz/
$_SERVER['REQUEST_URI']"/subdir/foo/bar/baz/"
$_GET['_uri']"foo/bar/baz/"
In order to replicate the result of $_GET['_uri'], decided to use this:
$prefix = trim(dirname(strtr($_SERVER['PHP_SELF'], '\\', '/')), '/') . '/';
$uri = trim($_SERVER['REQUEST_URI'], '/') . '/';
if(substr($uri, 0, strlen($prefix)) == $prefix){
$uri = substr($uri, strlen($prefix));
}
But I've not used $_SERVER['PHP_SELF'] often in the past, and now have read that it carries certain vulnerabilities and/or inconsistencies with it's use.
http://example.com/meow?param=value&_uri=hihihi
$_GET['_uri'] result: meowhihihi$_SERVER['REQUEST_URI'] value: /meow?param=value&_uri=hihihi$_SERVER['REDIRECT_URL'] value: /meowAll because of [QSA] flag.
Use $_SERVER['REQUEST_URI'] and/or $_SERVER['REDIRECT_URL'] instead.
The above is for Apache. On IIS 7.x it may be a bit different.