抱歉,我无法找到一个更好的简短解释标题
我有这个简单的路由器用于小型网站制作。
如果request_uri中有一个点,它将退出,以停止突破。但是当我尝试一个网址时,我在自己的服务器上获得了403
为什么获得403?我的strpos应该抓住这个
$request = $_SERVER['REQUEST_URI'];
$params = explode('/', $request);
if (strpos($request, '.') !== false) {
//breakout attempt
}
if (!file_exists(sprintf('pages/%s.php', $params[1]))) {
//requested page does not exists, throw or display error
error();
} else {
include sprintf('pages/%s.php', $params[1]);
}
现在这会抓住像
这样的网址http://localhost/asfasg/asfass.sg
http://localhost/www.hello.se
http://localhost/asfasg/dsgsdg/fas.asgas
但
http://localhost/https://www.youtube.com/watch?v=j1w87N9MLhM
http://localhost/banana://ww.sdf.xx/saf
似乎请求uri中有something:
You don't have permission to access /https://www.youtube.com/watch on this server.
Apache/2.4.9 (Win64) PHP/7.0.2RC1 Server at localhost Port 80
为什么?
答案 0 :(得分:0)
$request = "http://localhost/https://www.youtube.com/watch?v=j1w87N9MLhM";
$params = explode('/', $request);
//you want the last index which should be the filename
$filename = array_pop($params);
if (strpos($filename, '.') !== false) {
//breakout attempt
}
if (!file_exists(sprintf('pages/%s.php', $filename))) {
//requested page does not exists, throw or display error
error();
} else {
include sprintf('pages/%s.php', $filename);
}