64 if ( isset( $vars[
'SERVER_SOFTWARE'] )
65 && isset( $vars[
'REQUEST_URI'] )
66 && self::haveUndecodedRequestUri( $vars[
'SERVER_SOFTWARE'] )
68 $urlPart = $vars[
'REQUEST_URI'];
69 } elseif ( isset( $vars[
'QUERY_STRING'] ) ) {
70 $urlPart = $vars[
'QUERY_STRING'];
75 if ( self::isUrlExtensionBad( $urlPart, $extWhitelist ) ) {
81 if ( isset( $vars[
'PATH_INFO'] )
82 && self::isUrlExtensionBad( $vars[
'PATH_INFO'], $extWhitelist )
101 if ( strval( $urlPart ) ===
'' ) {
106 if ( strval( $extension ) ===
'' ) {
111 if ( in_array( $extension, [
'php',
'php5' ] ) ) {
115 if ( in_array( $extension, $extWhitelist ) ) {
120 if ( !preg_match(
'/^[a-zA-Z0-9_-]+$/', $extension ) ) {
141 $questionPos = strpos( $url,
'?' );
142 if ( $questionPos ===
false ) {
143 $beforeQuery = $url .
'?';
145 } elseif ( $questionPos === strlen( $url ) - 1 ) {
149 $beforeQuery = substr( $url, 0, $questionPos + 1 );
150 $query = substr( $url, $questionPos + 1 );
155 $query = str_replace(
'?',
'%3E', $query );
160 $url = $beforeQuery . $query;
161 if ( self::isUrlExtensionBad( $url, $extWhitelist ) ) {
194 $hashPos = strpos( $url,
'#' );
195 if ( $hashPos !==
false ) {
196 $urlLength = $hashPos;
198 $urlLength = strlen( $url );
200 $remainingLength = $urlLength;
201 while ( $remainingLength > 0 ) {
203 $pos += strcspn( $url,
'.', $pos, $remainingLength );
204 if ( $pos >= $urlLength ) {
211 $remainingLength = $urlLength - $pos;
215 $nextPos = $pos + strcspn( $url,
"<>\\\"/:|?*.", $pos, $remainingLength );
216 if ( $nextPos >= $urlLength ) {
219 return substr( $url, $pos, $urlLength - $pos );
221 if ( $url[$nextPos] ===
'?' ) {
224 $extension = substr( $url, $pos, $nextPos - $pos );
225 if ( strcasecmp( $extension,
'exe' ) && strcasecmp( $extension,
'dll' ) &&
226 strcasecmp( $extension,
'cgi' )
235 $remainingLength = $urlLength - $pos;