<i id='PnCj8'><tr id='PnCj8'><dt id='PnCj8'><q id='PnCj8'><span id='PnCj8'><b id='PnCj8'><form id='PnCj8'><ins id='PnCj8'></ins><ul id='PnCj8'></ul><sub id='PnCj8'></sub></form><legend id='PnCj8'></legend><bdo id='PnCj8'><pre id='PnCj8'><center id='PnCj8'></center></pre></bdo></b><th id='PnCj8'></th></span></q></dt></tr></i><div id='PnCj8'><tfoot id='PnCj8'></tfoot><dl id='PnCj8'><fieldset id='PnCj8'></fieldset></dl></div>

<legend id='PnCj8'><style id='PnCj8'><dir id='PnCj8'><q id='PnCj8'></q></dir></style></legend><tfoot id='PnCj8'></tfoot>

在 php 5.5.1/apache 2.4.6 中忽略带有下划线的标题名称

时间：2024-08-22

<legend id='OHXjk'><style id='OHXjk'><dir id='OHXjk'><q id='OHXjk'></q></dir></style></legend>

<tfoot id='OHXjk'></tfoot>

<i id='OHXjk'><tr id='OHXjk'><dt id='OHXjk'><q id='OHXjk'><span id='OHXjk'><b id='OHXjk'><form id='OHXjk'><ins id='OHXjk'></ins><ul id='OHXjk'></ul><sub id='OHXjk'></sub></form><legend id='OHXjk'></legend><bdo id='OHXjk'><pre id='OHXjk'><center id='OHXjk'></center></pre></bdo></b><th id='OHXjk'></th></span></q></dt></tr></i><div id='OHXjk'><tfoot id='OHXjk'></tfoot><dl id='OHXjk'><fieldset id='OHXjk'></fieldset></dl></div>

本文介绍了在 php 5.5.1/apache 2.4.6 中忽略带有下划线的标题名称的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着跟版网的小编来一起学习吧！

问题描述

升级到 php 5.5.1 和 apache 2.4.6 后，检查某些标头现在已损坏(特别是检查 HTTP_X_REQUESTED_WITH).

After upgrading to php 5.5.1 and apache 2.4.6, checking for certain headers is now broken (specifically, checking for HTTP_X_REQUESTED_WITH).

通过进一步的测试，我注意到任何包含下划线的自定义标头都会被忽略(我的意思是它不会出现在 PHP 的 $_SERVER 数组中).因此，如果我添加一个名为 my-header 的标头，它会以 $_SERVER['HTTP_MY_HEADER'] 的形式使用，但如果我尝试添加一个标头 my_header，它在 $_SERVER 中不可用.

Through further testing I noticed that any custom header that contains an underscore is ignored (by this I mean it does not show up in PHP's $_SERVER array). So if I add a header named my-header, it becomes available as $_SERVER['HTTP_MY_HEADER'], but if I try adding a header my_header, it's not available in $_SERVER.

推荐答案

这是 apache 2.4 中记录的功能.请参阅 httpd.apache.org/docs/trunk/new_features_2_4.html

This is a documented feature in apache 2.4. See httpd.apache.org/docs/trunk/new_features_2_4.html

将标头转换为环境变量比在通过以下方式减轻一些可能的跨站点脚本攻击之前标头注入.包含无效字符的标头(包括下划线)现在被静默删除.

Translation of headers to environment variables is more strict than before to mitigate some possible cross-site-scripting attacks via header injection. Headers containing invalid characters (including underscores) are now silently dropped.

这篇关于在 php 5.5.1/apache 2.4.6 中忽略带有下划线的标题名称的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持跟版网！

上一篇：用于下载文件的 PHP 脚本在 IE 中不起作用 下一篇：资源解释为文档，但使用 MIME 类型 text/css 传输

相关文章

<tfoot id='1h6BK'></tfoot>

<legend id='1h6BK'><style id='1h6BK'><dir id='1h6BK'><q id='1h6BK'></q></dir></style></legend>

<i id='1h6BK'><tr id='1h6BK'><dt id='1h6BK'><q id='1h6BK'><span id='1h6BK'><b id='1h6BK'><form id='1h6BK'><ins id='1h6BK'></ins><ul id='1h6BK'></ul><sub id='1h6BK'></sub></form><legend id='1h6BK'></legend><bdo id='1h6BK'><pre id='1h6BK'><center id='1h6BK'></center></pre></bdo></b><th id='1h6BK'></th></span></q></dt></tr></i><div id='1h6BK'><tfoot id='1h6BK'></tfoot><dl id='1h6BK'><fieldset id='1h6BK'></fieldset></dl></div>