bug with use of $_SERVER["HTTP_HOST"] instead of SERVER_NAME
-
This is a minor but fundamental bug in the design of supercache IMHO
On most server configurations,
$_SERVER["HTTP_HOST"]
will happily return whatever the heck the user’s browser sent in it’s headers, even if it’s malformed on purpose. Supercache attempts to filter it, but only in a trivial way.However if you’d use
$_SERVER["SERVER_NAME"]
instead, it will come from the apache/php environement instead which is far more trustworthy.This is why when you look at your supercache directory will will see things like uppercase hostnames or subdomains that aren’t even real – it’s your server being probed by bad code from the http headers and supercache dutifully creating a directory for the request.
SERVER_NAME would help avoid that
Setup a PHPINFO page and play with your http headers and url and see the difference.
- The topic ‘bug with use of $_SERVER["HTTP_HOST"] instead of SERVER_NAME’ is closed to new replies.