-2

How would I easily find the current url and all of the GET parameters in that URL with PHP? I want to track which GET parameters are being passed to the current url. If somebody could give me the PHP command to do this, then that would be great! Thanks! Here is my code:

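```php
<?php

$filedir = './';

// Resolved base directory with a trailing separator, so the prefix check
// below cannot match a sibling directory whose name starts the same way.
define('PATH_TO_VALID_MP3s', realpath($filedir) . DIRECTORY_SEPARATOR);

$filename = isset($_GET['file']) ? $_GET['file'] : '';
// Resolve the full path (base directory + requested name), not the bare name.
$path = realpath($filedir . $filename);
//security check
if ($path === false || strpos($path, PATH_TO_VALID_MP3s) !== 0) { die('bad path!'); }

if (!is_file($path) OR connection_status() != 0)
{
    exit();
}

// Discard buffered output only if a buffer is actually active.
if (ob_get_level() > 0)
{
    ob_end_clean();
}

header('Cache-Control: no-store, no-cache, must-revalidate');
header('Cache-Control: post-check=0, pre-check=0', false);
header('Pragma: no-cache');
header('Expires: '. gmdate('D, d M Y H:i:s', mktime(date('H')+2, date('i'), date('s'), date('m'), date('d'), date('Y'))).' GMT');
header('Last-Modified: '. gmdate('D, d M Y H:i:s').' GMT');
header('Content-Type: application/octet-stream');
header('Content-Length: '. @filesize($path));
// basename() keeps path separators from the request out of the header value.
header('Content-Disposition: attachment; filename="'. basename($path) .'"');
header('Content-Transfer-Encoding: binary');

if ($file = @fopen($path, 'rb'))
{
    while (!feof($file) AND connection_status() == 0)
    {
        echo fread($file, 1024 * 8);
    }

    flush();
    // Close the handle only when fopen() succeeded.
    fclose($file);
}
?>
```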
Shadowpat

2 Answers

1

The $_SERVER and $_GET arrays are your friends ;)

hek2mgl
  • Further note, that `$_SERVER` will also contain the unparsed query string. This might be interesting if you are interested in the order of GET params – hek2mgl May 13 '13 at 21:21
  • Yes, I know, but people visit download.php?file=filename.mp3 and that would download filename.mp3.... this is in a directory with only nonvulnerable mp3 files, but I just want to make sure they don't find a way to download root directory files. That is why I ask – Shadowpat May 13 '13 at 21:22
  • `if(strpos(realpath($filename), PATH_TO_VALID_MP3s) !== 0) { die('bad path!'); }` – hek2mgl May 13 '13 at 21:34
  • Ohhh that looks awesome!!!! Can't wait to see what it does, one minute please! – Shadowpat May 13 '13 at 21:42
  • That should go at the very top of the page, correct? – Shadowpat May 13 '13 at 21:43
  • OOPS! One problem with that @hek2mgl, some of the files are WAV and MP3 and other audio, is there like one that will be for all audio instead of just MP3? – Shadowpat May 13 '13 at 21:46
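
The `realpath()` prefix check from the comments above, extended to several audio types, as an added example that is not code from any poster in this thread. The function name `resolve_audio_path`, the extension list and the temporary directory tree are assumptions constructed for the demonstration.

```php
<?php
// Added example: the extension list is an assumption, not taken from the thread.
const ALLOWED_EXT = ['mp3', 'wav', 'ogg', 'flac'];

/** Returns the resolved path if $requested is an audio file inside $baseDir, else null. */
function resolve_audio_path(string $baseDir, string $requested): ?string
{
    // realpath() throws on NUL bytes in PHP 8, so reject them up front.
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses ".." and symlinks, and returns false for missing files.
    $real = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($real === false || !is_file($real)) {
        return null;
    }
    // Compare against the base WITH a trailing separator; a bare prefix
    // match on ".../audio" would also accept ".../audio_private/...".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    // Allow-list by extension, case-insensitively, so WAV and MP3 both pass.
    $ext = strtolower(pathinfo($real, PATHINFO_EXTENSION));
    return in_array($ext, ALLOWED_EXT, true) ? $real : null;
}

// Constructed directory tree for the demonstration.
$root = sys_get_temp_dir() . '/audio_demo_' . getmypid();
mkdir("$root/audio", 0700, true);
mkdir("$root/audio_private", 0700, true);
foreach (['audio/song.mp3', 'audio/clip.WAV', 'audio/notes.txt',
          'audio_private/secret.mp3', 'config.php'] as $f) {
    file_put_contents("$root/$f", 'x');
}

// Constructed request values: two valid names and four that must be refused.
$cases = ['song.mp3', 'clip.WAV', 'notes.txt', '../config.php',
          '../audio_private/secret.mp3', 'missing.mp3'];
foreach ($cases as $name) {
    $ok = resolve_audio_path("$root/audio", $name) !== null;
    printf("%-30s %s\n", $name, $ok ? 'served' : 'rejected');
}
```

In the download script, the value returned by `resolve_audio_path()` is what should be passed to `fopen()`, and `basename()` of it to the `Content-Disposition` header.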
0

There is already a global variable present that contains all the GET variables.

$_GET

http://php.net/manual/en/reserved.variables.get.php

An alternative is the $_REQUEST global.

http://php.net/manual/en/reserved.variables.request.php

An associative array that by default contains the contents of $_GET, $_POST and $_COOKIE.

Bart