Retest with "killer" params
Raw display of $_GET:
$_REQUEST ($_GET, $_POST and possibly $_COOKIE): array (
'dest' => 'RHaworth.net',
)
$_GET: array (
'dest' => 'new value of $_GET["dest"]',
'newval' => 'added within a function',
)
$_GET has been changed but the same field in $_REQUEST is unchanged.
$_POST: array (
)
$_COOKIE: array (
'em2px' => '14',
)
$_SERVER: array (
'PATH' => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin',
'PP_CUSTOM_PHP_INI' => '/var/www/vhosts/system/rhaworth.net/etc/php.ini',
'PP_CUSTOM_PHP_CGI_INDEX' => 'plesk-php56-fastcgi',
'HTTP_CONNECTION' => 'close',
'SCRIPT_NAME' => '/test/showenv.php',
'REQUEST_URI' => '/test/showenv.php?dest=RHaworth.net',
'QUERY_STRING' => 'dest=RHaworth.net',
'REQUEST_METHOD' => 'GET',
'SERVER_PROTOCOL' => 'HTTP/1.1',
'GATEWAY_INTERFACE' => 'CGI/1.1',
'REMOTE_PORT' => '32495',
'SCRIPT_FILENAME' => '/var/www/vhosts/rhaworth.net/httpdocs/test/showenv.php',
'SERVER_ADMIN' => 'root@localhost',
'CONTEXT_DOCUMENT_ROOT' => '/var/www/vhosts/rhaworth.net/httpdocs',
'CONTEXT_PREFIX' => '',
'REQUEST_SCHEME' => 'https',
'DOCUMENT_ROOT' => '/var/www/vhosts/rhaworth.net/httpdocs',
'REMOTE_ADDR' => '216.73.216.245',
'SERVER_PORT' => '443',
'SERVER_ADDR' => '195.224.99.182',
'SERVER_NAME' => 'rhaworth.net',
'SERVER_SOFTWARE' => 'Apache',
'SERVER_SIGNATURE' => '',
'HTTP_HOST' => 'rhaworth.net',
'HTTP_COOKIE' => 'em2px=14',
'HTTP_REFERER' => 'http://rhaworth.net/test/showenv.php?dest=RHaworth.net',
'HTTP_ACCEPT_ENCODING' => 'gzip, br, zstd, deflate',
'HTTP_USER_AGENT' => 'Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)',
'HTTP_ACCEPT' => '*/*',
'SSL_TLS_SNI' => 'rhaworth.net',
'HTTPS' => 'on',
'PASSENGER_DOWNLOAD_NATIVE_SUPPORT_BINARY' => '0',
'PASSENGER_COMPILE_NATIVE_SUPPORT_BINARY' => '0',
'PERL5LIB' => '/usr/share/awstats/lib:/usr/share/awstats/plugins',
'SCRIPT_URI' => 'https://rhaworth.net/test/showenv.php',
'SCRIPT_URL' => '/test/showenv.php',
'UNIQUE_ID' => 'aHVsg2pBN-Za5vjnYgjMWAAAAAI',
'FCGI_ROLE' => 'RESPONDER',
'PHP_SELF' => '/test/showenv.php',
'REQUEST_TIME_FLOAT' => 1752525955.0892129,
'REQUEST_TIME' => 1752525955,
'SCRIPT_DIR' => 'https://rhaworth.net/test/',
'HTTP_WINVER' => false,
)
SCRIPT_DIR and HTTP_WINVER are non-standard and have been added by photinc.php
getcwd(): matches $_SERVER['SCRIPT_FILENAME']'/var/www/vhosts/rhaworth.net/httpdocs/test'
$_SESSION: NULL
$_ENV: array (
)
$_FILES: array (
)
$argc:
$argv:NULL
apache_request_headers(): array (
'Connection' => 'close',
'Host' => 'rhaworth.net',
'Cookie' => 'em2px=14',
'Referer' => 'http://rhaworth.net/test/showenv.php?dest=RHaworth.net',
'Accept-Encoding' => 'gzip, br, zstd, deflate',
'User-Agent' => 'Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)',
'Accept' => '*/*',
)
getdate(): Array
(
[seconds] => 55
[minutes] => 45
[hours] => 21
[mday] => 14
[wday] => 1
[mon] => 7
[year] => 2025
[yday] => 194
[weekday] => Monday
[month] => July
[0] => 1752525955
)
http_response_code(): 200
pathinfo(__FILE__): array (
'dirname' => '/var/www/vhosts/rhaworth.net/httpdocs/test',
'basename' => 'shownvi.php',
'extension' => 'php',
'filename' => 'shownvi',
)
posix_getpwuid(): for /var/www/vhosts/rhaworth.net/httpdocs/test/shownvi.phparray (
'name' => 'admin145042',
'passwd' => 'x',
'uid' => 10062,
'gid' => 1003,
'gecos' => '',
'dir' => '/var/www/vhosts/rhaworth.net',
'shell' => '/bin/false',
)
stat(__FILE__):array (
0 => 2050,
1 => 3236646781,
2 => 33188,
3 => 1,
4 => 10062,
5 => 1003,
6 => 0,
7 => 9074,
8 => 1752482725,
9 => 1692615546,
10 => 1692615558,
11 => 4096,
12 => 24,
'dev' => 2050,
'ino' => 3236646781,
'mode' => 33188,
'nlink' => 1,
'uid' => 10062,
'gid' => 1003,
'rdev' => 0,
'size' => 9074,
'atime' => 1752482725,
'mtime' => 1692615546,
'ctime' => 1692615558,
'blksize' => 4096,
'blocks' => 24,
)
Window data:
get_headers(): add gh=1 to command line to use get_headers() or gh=2 to use http_get(). Warning may be very slow!
php.ini:; ATTENTION!
;
; DO NOT MODIFY THIS FILE BECAUSE IT WAS GENERATED AUTOMATICALLY,
; SO ALL YOUR CHANGES WILL BE LOST THE NEXT TIME THE FILE IS GENERATED.
[PHP]
SMTP = localhost
allow_url_fopen = On
allow_url_include = Off
asp_tags = Off
auto_append_file =
auto_globals_jit = On
auto_prepend_file =
bcmath.scale = 0
cli_server.color = On
default_charset = "UTF-8"
default_mimetype = "text/html"
default_socket_timeout = 60
disable_classes =
disable_functions = exec,passthru,shell_exec,system,proc_open,popen.
display_errors = Off
display_startup_errors = Off
doc_root =
enable_dl = Off
engine = On
error_reporting = 22519
expose_php = On
file_uploads = On
html_errors = On
ibase.allow_persistent = 1
ibase.dateformat = "%Y-%m-%d"
ibase.max_links = -1
ibase.max_persistent = -1
ibase.timeformat = "%H:%M:%S"
ibase.timestampformat = "%Y-%m-%d %H:%M:%S"
ignore_repeated_errors = Off
ignore_repeated_source = Off
implicit_flush = Off
ldap.max_links = -1
log_errors = off
log_errors_max_len = 1024
mail.add_x_header = On
max_execution_time = 30
max_file_uploads = 20
max_input_time = 60
memory_limit = 128M
mssql.allow_persistent = On
mssql.compatibility_mode = Off
mssql.max_links = -1
mssql.max_persistent = -1
mssql.min_error_severity = 10
mssql.min_message_severity = 10
mssql.secure_connection = Off
mysql.allow_local_infile = On
mysql.allow_persistent = On
mysql.cache_size = 2000
mysql.connect_timeout = 60
mysql.default_host =
mysql.default_password =
mysql.default_port =
mysql.default_socket =
mysql.default_user =
mysql.max_links = -1
mysql.max_persistent = -1
mysql.trace_mode = Off
mysqli.allow_persistent = On
mysqli.cache_size = 2000
mysqli.default_host =
mysqli.default_port = 3306
mysqli.default_pw =
mysqli.default_socket =
mysqli.default_user =
mysqli.max_links = -1
mysqli.max_persistent = -1
mysqli.reconnect = Off
mysqlnd.collect_memory_statistics = Off
mysqlnd.collect_statistics = On
odbc.allow_persistent = On
odbc.check_persistent = On
odbc.defaultbinmode = 1
odbc.defaultlrl = 4096
odbc.max_links = -1
odbc.max_persistent = -1
open_basedir = none
output_buffering = 4096
pdo_mysql.cache_size = 2000
pdo_mysql.default_socket =
pgsql.allow_persistent = On
pgsql.auto_reset_persistent = Off
pgsql.ignore_notice = 0
pgsql.log_notice = 0
pgsql.max_links = -1
pgsql.max_persistent = -1
post_max_size = 8M
precision = 14
register_argc_argv = Off
report_memleaks = On
request_order = "GP"
serialize_precision = 17
session.auto_start = 0
session.cache_expire = 180
session.cache_limiter = nocache
session.cookie_domain =
session.cookie_httponly =
session.cookie_lifetime = 0
session.cookie_path = /
session.gc_divisor = 1000
session.gc_maxlifetime = 1440
session.gc_probability = 0
session.hash_bits_per_character = 5
session.hash_function = 0
session.name = PHPSESSID
session.referer_check =
session.save_handler = files
session.save_path = "/var/lib/php/session"
session.serialize_handler = php
session.use_cookies = 1
session.use_only_cookies = 1
session.use_strict_mode = 0
session.use_trans_sid = 0
short_open_tag = Off
smtp_port = 25
soap.wsdl_cache_dir = "/tmp"
soap.wsdl_cache_enabled = 1
soap.wsdl_cache_limit = 5
soap.wsdl_cache_ttl = 86400
sql.safe_mode = Off
sybct.allow_persistent = On
sybct.max_links = -1
sybct.max_persistent = -1
sybct.min_client_severity = 10
sybct.min_server_severity = 10
tidy.clean_output = Off
track_errors = Off
unserialize_callback_func =
upload_max_filesize = 2M
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"
user_dir =
variables_order = "GPCS"
zend.enable_gc = On
zlib.output_compression = Off
phpversion(): 5.6.40
This box is specified as 50 em wide
$_REQUEST[em2px]=16. So this box is specified as 50*16=800 pixels wide
2020 May 09 13:28:16 - /var/www/vhosts/rhaworth.net/httpdocs/test/showenv.php = $_SERVER['SCRIPT_FILENAME']
2023 Aug 21 11:59:06 - /var/www/vhosts/rhaworth.net/httpdocs/test/shownvi.php = __FILE__
