URL's that end with trailing slash, like index.php/ wreck havoc in PHP Nuke

Posted on Wednesday, December 15, 2004 @ 19:42:10 UTC in Bugs - Fixed
by BobMarion

I got an email today asking me if there was a bug on my site. The person mistyped the url as http://www.nukescripts.net/index.php/ and it caused an interesting effect. The index page loaded but would not load any of the style of graphics it should have. I then tested that with /admin.php/ and it caused the same effect. While this is not an exploit it is very upsetting that it happens at all so here is the cure: Open your mainfile.php and put: if($_SERVER['REQUEST_URI'] != "/" AND substr($_SERVER['REQUEST_URI'], -1) == "/") { header("Location: http://".$_SERVER['HTTP_HOST'].rtrim($_SERVER['REQUEST_URI'],'/')); } right after the opening < ?php. If your running NukeSentinel™ place it above the NukeSentinel™ inclusion and after the < ?php .

If you use Apache and have access to either the httpd.conf file or the .htaccess file, you can use the following code at the server level:

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^/(.*) $1

This fix brought to you by NukeScripts and Raven PHPScripts.
 
 
click Related        click Share
 
 

Re: URL's that end with trailing slash, like index.php/ wreck havoc in PHP Nuke (Score: 1)
by money on Wednesday, December 15, 2004 @ 21:37:04 UTC
  
(User Info | Send a Message)

This problem can be fixed by simply adding a base tag between the [head][/head] tags in the page's header.

Example:
[base href="http://www.yourdomainname.tld/" /]

The href can be adjusted if the script is installed on a subdomain or subdirectory.

** Note: change square brackets shown above to angled ones.

Re: URL's that end with trailing slash, like index.php/ wreck havoc in PHP Nuke (Score: 1)
by Raven
(raven (_AT_) ravenphpscripts (_DOT_) com) on Wednesday, December 15, 2004 @ 21:46:35 UTC
(User Info | Send a Message)

If you have access to .htaccess or httpd.conf, that is the way you should go as it will be at the server level. Otherwise, there are several coding ways to resolve this. Thanks for your contribution!

 
 

404s over here (Score: 1)
by oprime2001 on Wednesday, December 15, 2004 @ 22:01:06 UTC

(User Info | Send a Message)

I got 404s when I tried the trailing slash on index.php and admin.php on my sites.

Re: 404s over here (Score: 1)
by Raven
(raven (_AT_) ravenphpscripts (_DOT_) com) on Wednesday, December 15, 2004 @ 22:08:16 UTC
(User Info | Send a Message)

We noticed that that happens on some sites. I believe it depends on how your Apache directives are set. In any event, you don't want that to happen either.

 
News ©

Site Info

Last SeenLast Seen
  • neralex
  • nextgen
Server TrafficServer Traffic
  • Total: 481,640,447
  • Today: 7,749
Server InfoServer Info
  • Mar 29, 2024
  • 05:58 am UTC