doumizhi0809 2012-05-04 19:34
浏览 46
已采纳

如何禁用PHP“复活节彩蛋”网址?

I recently found out about the so-called "easter egg URLs" in PHP:

These are the four QUERY strings you can add to the end of a PHP web page to view a (somewhat) hidden image or web page:

  1. ?=PHPE9568F36-D428-11d2-A769-00AA001ACF42

This one is the most interesting, and displays an "easter egg" image of either a rabbit in a house (Sterling Hughes' rabbit, named Carmella), a brown dog in the grass, a black Scottish Terrier dog, a sloppy child hand-drawn, crayon-colored php logo, a guy with breadsticks (looks like pencils or french fries) sticking out of his mouth like a walrus, or a PHP elephant logo.

enter image description here

Others include:

  • ?=PHPE9568F34-D428-11d2-A769-00AA001ACF42 (PHP Logo)
  • ?=PHPE9568F35-D428-11d2-A769-00AA001ACF42 (Zend logo)
  • ?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 (PHP Credits)

I was shocked to discover that this does work on a lot of websites, including my own. I think this is idiotic and want to disable it, but from what I hear the only way to do it is in php.ini with expose_php = Off, and it can't be set at runtime with ini_set().

I don't have direct access to php.ini on the live server. I have, however, figured out how to unset the X-Powered-By header by using Header unset X-Powered-By in .htaccess, or header('X-Powered-By: ') in the PHP code.

Is there any other way I can disable these "easter eggs", or do I have to get this setting changed in the main php.ini (and is that indeed the correct/only way to disable these URLs)?

  • 写回答

4条回答 默认 最新

  • dongzhi2332 2012-05-04 19:42
    关注

    A quick HTACCESS global rewrite could regex the exact string right out of every URL thus getting rid of the only fun part of PHP without touching the ini file nor needing a function at the beginning of every file.

    Haven't tested this yet, but this should work:

    RewriteEngine On
    RewriteCond %{QUERY_STRING} \PHPE9568F36-D428-11d2-A769-00AA001ACF42\ [NC]
    RewriteRule .* - [F]
    

    Of course, just copy the last 2 lines for each of the other possible queries, or write a more generic regex. I'm not good with regex. :)

    This version covers all of the easter egg fun and was found here:

    RewriteEngine On
    RewriteCond %{QUERY_STRING} \=PHP[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12} [NC]
    RewriteRule .* - [F]
    
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(3条)
编辑
预览

报告相同问题?

手机看
程序员都在用的中文IT技术交流社区

程序员都在用的中文IT技术交流社区

专业的中文 IT 技术社区,与千万技术人共成长

专业的中文 IT 技术社区,与千万技术人共成长

关注【CSDN】视频号,行业资讯、技术分享精彩不断,直播好礼送不停!

关注【CSDN】视频号,行业资讯、技术分享精彩不断,直播好礼送不停!

客服 返回
顶部