By C extensions we can directly manipulate the large PHP variables, such as:GET,POST,SERVER
You can fetch $_SERVER[‘PHP_SELF‘] (or any other $_SERVER variable if you need to), like this:
// This code makes sure $_SERVER has been initialized
if (!zend_hash_exists(&EG(symbol_table), "_SERVER", 8)) {
zend_auto_global* auto_global;
if (zend_hash_find(CG(auto_globals), "_SERVER", 8, (void **)&auto_global) != FAILURE) {
auto_global->armed = auto_global->auto_global_callback(auto_global->name, auto_global->name_len TSRMLS_CC);
}
}
// This fetches $_SERVER[‘PHP_SELF‘]
zval** arr;
char* script_name;
if (zend_hash_find(&EG(symbol_table), "_SERVER", 8, (void**)&arr) != FAILURE) {
HashTable* ht = Z_ARRVAL_P(*arr);
zval** val;
if (zend_hash_find(ht, "PHP_SELF", 9, (void**)&val) != FAILURE) {
script_name = Z_STRVAL_PP(val);
}
}
The script_name variable will contain the name of the script.
In case you‘re wondering, the first block, that initializes $_SERVER, is necessary because some SAPIs (e.g.: the Apache handler) will initialize $_SERVER only when the user script accesses it (just-in-time). Without that block of code, if you try to read $_SERVER[‘PHP_SELF‘] before the script tried accessing $_SERVER, you‘d end up with an empty value.
Obviously, you should add error handling in the above code in case anything fails, so that you don‘t invoke undefined behavior when trying to access script_name.
or
You can fetch GET ,like this
// This code makes sure $_SERVER has been initialized
if (!zend_hash_exists(&EG(symbol_table), "_GET", 5)) {
zend_auto_global* auto_global;
if (zend_hash_find(CG(auto_globals), "_GET", 5, (void **)&auto_global) != FAILURE) {
auto_global->armed = auto_global->auto_global_callback(auto_global->name, auto_global->name_len TSRMLS_CC);
}
}
// This fetches $_SERVER[‘PHP_SELF‘]
zval** arr;
char* script_name;
if (zend_hash_find(&EG(symbol_table), "_GET", 5, (void**)&arr) != FAILURE) {
HashTable* ht = Z_ARRVAL_P(*arr);
zval** val;
if (zend_hash_find(ht, "HOSTNAME", 9, (void**)&val) != FAILURE) {
script_name = Z_STRVAL_PP(val);
php_printf(script_name);
}else {
php_printf("sorry!!!");
}
}
}
so,This prevents attacks, it will be a good way