No require, no include, no url rewriting, yet the script is executed without being in the url

I am trying to trace the flow of execution in some legacy code. We have a report being accessed with

http://site.com/?nq=showreport&action=view

This is the puzzle:

• in index.php there is no $_GET['nq'] or $_GET['action'] (and no $_REQUEST either),
• index.php, or any sources it includes, do not include showreport.php,
• in .htaccess there is no url-rewriting

yet, showreport.php gets executed.

I have access to cPanel (but no apache config file) on the server and this is live code I cannot take any liberty with.

What could be making this happen? Where should I look?

Update

Funny thing - sent the client a link to this question in a status update to keep him in the loop; minutes latter all access was revoked and client informed me that the project is cancelled. I believe I have taken enough care not to leave any traces to where the code actually is ...

I am re开发者_如何学Golieved this has been taken off me now, but I am also itching to know what it was!

Thank you everybody for your time and help.

There are "a hundreds" ways to parse a URL - in various layers (system, httpd server, CGI script). So it's not possible to answer your question specifically with the information you have got provided.

You leave a quite distinct hint "legacy code". I assume what you mean is, you don't want to fully read the code, understand it even that much to locate the piece of the application in question that is parsing that parameter.

It would be good however if you leave some hints "how legacy" that code is: Age, PHP version targeted etc. This can help.

It was not always that $_GET was used to access these values (same is true for $_REQUEST, they are cousins).

Let's take a look in the PHP 3 manual ^Mirror:

HTTP_GET_VARS

An associative array of variables passed to the current script via the HTTP GET method.

Is the script making use of this array probably? That's just a guess, this was a valid method to access these parameter for quite some time.

Anyway, this must not be what you search for. There was this often misunderstood and mis-used (literally abused) feature called register globals ^{PHP Manual} in PHP. So you might just be searching for $nq.

Next to that, there's always the request uri and apache / environment / cgi variables. See the link to the PHP 3 manual above it lists many of those. Compare this with the current manual to get a broad understanding.

In any case, you might have grep or a multi file search available (Eclipse has a nice build in one if you need to inspect legacy code inside some IDE).

So in the end of the day you might just look for a string like nq, 'nq', "nq" or $nq. Then check what this search brings up. String based search is a good entry into a codebase you don't know at all.

I’d install xdebug and use its function trace to look piece by piece what it is doing.

EDIT:

Okay, just an idea, but... Maybe your application is some kind of include hell like application I’m sometimes forced to mess at work? One file includes another, it includes another and that includes original file again... So maybe your index file includes some file that eventually causes this file to get included?

Another EDIT:

Or, sometimes application devs didn’t know what is a $_GET variable and parsed the urls themselves -> doing manual includes based to based urls.

I don't know how it works, but I know that Wordpress/Silverstipe is using is own url-rewriting to parse url to find posts/tags/etc. So the url parsing maybe done in a PHP script.

Check your config files (php.ini and .htaccess), you may have auto_prepend_file set.

check your crontab, [sorry I don't know where you would find it in cpanel] - does the script fire at a specific time or can you see it definitely fires only when you request a specific page?

-sean

EDIT: If crontab is out, take a look at index.php [and it's includes] and look for code that either loops over the url parameters without specifically noting "nq" and anything that might be parsing the query string [probably something like: $_SERVER['QUERY_STRING'] ]

-sean

You should give debug_backtrace() (or debug_print_backtrace() a try. The output is similar to the output of an Exception-stacktrace, thus it should help you to find out, what is called when and from where. If you don't have the possibility to run the application on a local development system, make sure, that nobody else can see the output

Are you sure that you are looking at the right config or server? If you go the url above you get an error page that seems to indicate that the server is actually a microsoft iis server and not an apache one.