PHP_SELF
Menu Google Analytics 4
Menu PHP_SELF
 

PHP_SELF

Used in my php validation

The booking form seems to work with the action="<?php echo $_SERVER['PHP_SELF']; ?>" NOT included in the code.

What form-guide says:

A common use of PHP_SELF variable is in the action field of the <form> tag. The action field of the FORM instructs where to submit the form data when the user presses the "submit" button. It is common to have the same PHP page as the handler for the form as well.

Exploits

The injection of "rogue" Javascript

http://tempusfugit.me.uk/BWVH/movie_book3.php/%22%3E%3Cscript%3Ealert('xss')%3C /script%3E%3Cfoo%22

Supposedly if you paste the url above it will inject an alert box - or any other Javascript!!! - it doesn't seem to work - even when the PHP_SELF action is added.

Top

Links

Top

References: - a note on these

  • What You Can (And Can’t) Do With WordPress Without Knowing How to Code - https:// www.elegantthemes.com/blog/tips-tricks/ what-you-can-and-cant-do-with-wordpress- without-knowing-how-to-code

Site design by Tempusfugit Web Design -