I recently found out about the so-called "easter egg URLs" in PHP:
These are the four QUERY strings you can add to the end of a PHP web page to view a (somewhat) hidden image or web page:
?=PHPE9568F36-D428-11d2-A769-00AA001ACF42
This one is the most interesting, and displays an "easter egg" image of either a rabbit in a house (Sterling Hughes' rabbit, named Carmella), a brown dog in the grass, a black Scottish Terrier dog, a sloppy child hand-drawn, crayon-colored php logo, a guy with breadsticks (looks like pencils or french fries) sticking out of his mouth like a walrus, or a PHP elephant logo.
Others include:
- ?=PHPE9568F34-D428-11d2-A769-00AA001ACF42 (PHP Logo)
- ?=PHPE9568F35-D428-11d2-A769-00AA001ACF42 (Zend logo)
- ?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 (PHP Credits)
I was shocked to discover that this does work on a lot of websites, including my own. I think this is idiotic and want to disable it, but from what I hear the only way to do it is in php.ini with expose_php = Off, and it can't be set at runtime with ini_set().
I don't have direct access to php.ini on the live server. I have, however, figured out how to unset the X-Powered-By header by using Header unset X-Powered-By in .htaccess, or header('X-Powered-By: ') in the PHP code.
Is there any other way I can disable these "easter eggs", or do I have to get this setting changed in the main php.ini (and is that indeed the correct/only way to disable these URLs)?
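
Added example, not part of the original question: a log check that flags requests using the four query strings listed above, so a site owner can see whether these URLs are being requested while expose_php is still on. The combined log format, the sample lines and the function names are assumptions made for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote, urlsplit

# The four query strings quoted in the question, mapped to what each returns.
EASTER_EGGS = {
    "=PHPE9568F36-D428-11d2-A769-00AA001ACF42": "easter egg image",
    "=PHPE9568F34-D428-11d2-A769-00AA001ACF42": "PHP logo",
    "=PHPE9568F35-D428-11d2-A769-00AA001ACF42": "Zend logo",
    "=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000": "PHP credits",
}

# Assumed combined log format: client ... [time] "METHOD target PROTO" status
LOG_LINE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def classify_query(query):
    """Name the easter egg a raw query string asks for, or return None."""
    # Percent-decode and ignore case so encoded or re-cased requests are still
    # flagged, whether or not the server would have answered them.
    decoded = unquote(query).upper()
    for needle, name in EASTER_EGGS.items():
        if needle.upper() in decoded:
            return name
    return None

def find_probes(lines):
    """Return (client, path, egg, status) for every request that names an egg."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a combined-format request line
        url = urlsplit(m["target"])
        egg = classify_query(url.query)
        if egg:
            hits.append((m["client"], url.path, egg, int(m["status"])))
    return hits

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?=PHPE9568F34-D428-11d2-A769-00AA001ACF42 HTTP/1.1" 200 2524 "-" "curl/8.0"',
    '192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET /index.php?%3Dphpb8b5f2a0-3c92-11d3-a3a9-4c7b08c10000 HTTP/1.1" 200 8112 "-" "curl/8.0"',
    '198.51.100.7 - - [01/Jan/2024:10:05:00 +0000] "GET /index.php?page=2 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]
if __name__ == "__main__":
    for client, count in Counter(h[0] for h in find_probes(SAMPLE_LOG)).items():
        print(f"{client}: {count} easter egg request(s)")
```

A 200 status on a flagged line does not by itself show the easter egg was served, since the same URL returns the normal page when expose_php is Off.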