How To Identify The Requested Page In PHP

Question

Is there any easy way to identify the file initially handling the request, ignoring get arguments and handling (at least basic) mappings like / to /index.php?

Ideally what I'm looking for is something like $_SERVER['REQUEST_URI'], except it returns the same value regardless of the get arguments and that value is the file requested, not the URI, nor the currently executing file ($_SERVER['PHP_SELF']). In other words, a $_SERVER['REQUESTED_FILE'] or something. I haven't seen anything like that. Does it exist, or do I need to write something manually?

Update Here are some example URLs paired with what I would like the result to be:

example.com/mypage.php       : /mypage.php
example.com/                 : /index.php
example.com/foo/?hello=world : /foo/index.php

And these return values are true even in included files. See my answer below before answering, I think I've found what I was looking for.

Can you update your question and add a hypothetical example of what you are looking for? It's not clear whether you are interested in the requesting URL (http://example.org) or the file that is used to serve the request (/var/www/.../index.php) — Shoan, Jun 12 '09 at 03:00

dimo414 · Accepted Answer · 2015-01-26T18:46:22.167

I decided to test it out myself. The $_SERVER['SCRIPT_NAME'] variable serves up the path to the requested file, even if it's an index file, and without get parameters or anything else. The PHP documentation states this contains the path of the file, but it seems to be relative to the document root, just like PHP_SELF, but without the security vulnerability.

Here is the code I used to test this: https://gist.github.com/dimo414/5484870

The output when requesting example.com/?foo=bar:

__FILE__:               /var/www/index.php
PHP_SELF:               /index.php
SCRIPT_NAME:            /index.php
REQUEST_URI:            /?foo=bar
parse_url(REQUEST_URI): /


__FILE__:               /var/www/pathtest.php
PHP_SELF:               /index.php
SCRIPT_NAME:            /index.php
REQUEST_URI:            /?foo=bar
parse_url(REQUEST_URI): /

And the output when requesting example.com/index.php/<strong>XSS</strong>:

__FILE__:               /var/www/index.php
PHP_SELF:               /index.php/XSS # note the XSS exploit (this is bold in browser)
SCRIPT_NAME:            /index.php     # No exploit here
REQUEST_URI:            /index.php/%3Cstrong%3EXSS%3C/strong%3E
parse_url(REQUEST_URI): /index.php/%3Cstrong%3EXSS%3C/strong%3E


__FILE__:               /var/www/pathtest.php
PHP_SELF:               /index.php/XSS
SCRIPT_NAME:            /index.php
REQUEST_URI:            /index.php/%3Cstrong%3EXSS%3C/strong%3E
parse_url(REQUEST_URI): /index.php/%3Cstrong%3EXSS%3C/strong%3E

As you can see, $_SERVER['SCRIPT_NAME'] always gives back the file that originally handled the request, i.e. the file in the URL, without any XSS risks.

It's worth noting that if you use some sort of MVC or front controller method then "SCRIPT_NAME" will return the script that provided the include, so if everything runs through index.php example this is what will return - in this case $_SERVER['REQUEST_URI'] seems to do the trick. — Matthew Riches, Jan 07 '14 at 16:12
@MatthewRiches note that `REQUEST_URI` serves a different purpose than `SCRIPT_NAME` - the former is the URI the user requested, including GET parameters, where `SCRIPT_NAME` intentionally does not as it's a path on the server. If you're working within an MVC library, you should look through the library's documentation for how to best identify the actually requested file. — dimo414, Jan 07 '14 at 16:22

score 6 · Answer 2 · edited May 23 '17 at 12:17

6

$_SERVER['PHP_SELF']

Should return the actual script. But there are various methods.

I had a better link to a matrix of all the various file-related environment variables but I can't find it. I'll edit if it turns up.

Edit: I found a nice SO thread that details the differences between them.

edited May 23 '17 at 12:17

Community

1
1

answered Jun 11 '09 at 08:53

Oli

235,628
64
220
299

score 2 · Answer 3 · answered Nov 18 '16 at 06:02

2

Go get file name from the requested URL use following code.

basename($_SERVER['URL']);
basename($_SERVER['REQUEST_URI']);
basename($_SERVER['SCRIPT_NAME']);
basename($_SERVER['SCRIPT_FILENAME']);
basename($_SERVER['REQUEST_URI']);
basename($_SERVER['PATH_TRANSLATED']);
basename($_SERVER['PHP_SELF']);

use any one all all of those in the nested if condition so you will not miss file name any how.

answered Nov 18 '16 at 06:02

Somnath

159
1
1
7

1

This has nothing to do with the question. – dimo414 Dec 15 '16 at 17:09

score 0 · Answer 4 · answered Jun 11 '09 at 10:25

0

parse_url($_SERVER['REQUEST_URI']) and then pathinfo($path) to get requested filename
$_SERVER['PHP_SELF'] to get real filename
$_SERVER['SCRIPT_NAME'] to get real filename

answered Jun 11 '09 at 10:25

Jet

1,171
6
8

score -1 · Answer 5 · answered Apr 12 '16 at 07:50

-1

Its very old question and not very clear too. What I understood is that you want to know which page is sending request GET/POST. This can be implemented by:

$_SERVER['HTTP_REFERER']

Now, to get the actual page name, write like: = basename($_SERVER['HTTP_REFERER']);

This will solve you concern.

answered Apr 12 '16 at 07:50

Ashman Malhotra

1

No, the question is in no way asking about the HTTP referrer. That would (when set) indicate what page the user was previously on that referred them to this page. The question is asking for the file currently being requested, and the accepted answer demonstrates it's `$_SERVER['SCRIPT_NAME']`. – dimo414 Apr 12 '16 at 15:46

How To Identify The Requested Page In PHP

5 Answers5

Linked