This is a minor but fundamental bug in the design of supercache IMHO
On most server configurations,
$_SERVER["HTTP_HOST"]will happily return whatever the heck the user’s browser sent in it’s headers, even if it’s malformed on purpose. Supercache attempts to filter it, but only in a trivial way.
However if you’d use
$_SERVER["SERVER_NAME"]instead, it will come from the apache/php environement instead which is far more trustworthy.
This is why when you look at your supercache directory will will see things like uppercase hostnames or subdomains that aren’t even real – it’s your server being probed by bad code from the http headers and supercache dutifully creating a directory for the request.
SERVER_NAME would help avoid that
Setup a PHPINFO page and play with your http headers and url and see the difference.
- The topic ‘bug with use of $_SERVER["HTTP_HOST"] instead of SERVER_NAME’ is closed to new replies.