How can I disable PHP's "easter egg" URLs?

210

I recently found out about the so-called "easter egg URLs" in PHP:

These are the four QUERY strings you can add to the end of a PHP web page to view a (somewhat) hidden image or web page:

  1. ?=PHPE9568F36-D428-11d2-A769-00AA001ACF42

This one is the most interesting, and displays an "easter egg" image of either a rabbit in a house (Sterling Hughes' rabbit, named Carmella), a brown dog in the grass, a black Scottish Terrier dog, a sloppy child hand-drawn, crayon-colored php logo, a guy with breadsticks (looks like pencils or french fries) sticking out of his mouth like a walrus, or a PHP elephant logo.

enter image description here

Others include:

  • ?=PHPE9568F34-D428-11d2-A769-00AA001ACF42 (PHP Logo)
  • ?=PHPE9568F35-D428-11d2-A769-00AA001ACF42 (Zend logo)
  • ?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 (PHP Credits)

I was shocked to discover that this does work on a lot of websites, including my own. I think this is idiotic and want to disable it, but from what I hear the only way to do it is in php.ini withexpose_php = Off, and it can't be set at runtime withini_set().

I don't have direct access to php.ini on the live server. I have, however, figured out how to unset theX-Powered-By header by using in.htaccess, orheader('X-Powered-By: ') in the PHP code.

Is there any other way I can disable these "easter eggs", or do I have to get this setting changed in the mainphp.ini (and is that indeed the correct/only way to disable these URLs)?

158

Answer

Solution:

in php.ini

; Decides whether PHP may expose the fact that it is installed on the server
; (e.g. by adding its signature to the Web server header).  It is no security
; threat in any way, but it makes it possible to determine whether you use PHP
; on your server or not.
; http://php.net/expose-php
 expose_php = Off

This will effectively remove the easter eggs

People are also looking for solutions to the problem: Save items from array on mysql with php

Source

Didn't find the answer?

Our community is visited by hundreds of web development professionals every day. Ask your question and get a quick answer for free.

Ask a Question

Write quick answer

Do you know the answer to this question? Write a quick response to it. With your help, we will make our community stronger.

Similar questions

Find the answer in similar questions on our website.