-
Dec 3, 2003, 22:41 #1
- Join Date
- Sep 2003
- Location
- At work
- Posts
- 371
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
$_SERVER['HTTP_REFERER'] security
Hi. I have one part of my script written as
header("Location: {$_SERVER['HTTP_REFERER']}");
This works well but wanna know what I need to escape and clean up on that referer url in order to be secure?
Thanks anyone.
-
Dec 4, 2003, 13:23 #2
- Join Date
- Feb 2003
- Location
- Dog Street
- Posts
- 1,819
- Mentioned
- 1 Post(s)
- Tagged
- 1 Thread(s)
Originally Posted by say
You can't really trust what's in HTTP_REFERER, but it seems the worst that can happen here is that the user gets sent to that url.
--ed
-
Dec 4, 2003, 14:22 #3
- Join Date
- Oct 2003
- Location
- Germany
- Posts
- 2,195
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Yes, IMHO that's the only thing that could happen, or some error because the referer wasn't set (check for it).
-
Dec 4, 2003, 14:26 #4
- Join Date
- Apr 2002
- Location
- Salford / Manchester / UK
- Posts
- 4,838
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Originally Posted by Gaheris
re·dux (adj.): brought back; returned. used postpositively
[latin : re-, re- + dux, leader; see duke.]
WaSP Accessibility Task Force Member
splintered.co.uk | photographia.co.uk | redux.deviantart.com
-
Dec 4, 2003, 14:33 #5
- Join Date
- Oct 2003
- Location
- Germany
- Posts
- 2,195
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Which shows again that you really shouldn't rely on the referer. How about tracking the last location with sessions?
-
Dec 4, 2003, 19:41 #6
- Join Date
- Nov 2001
- Location
- Dallas, Texas
- Posts
- 1,342
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Originally Posted by Gaheris
i love php
-
Dec 5, 2003, 07:28 #7
- Join Date
- Oct 2003
- Location
- Germany
- Posts
- 2,195
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
How do you go about doing that?
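One way to do what posts #3 and #5 suggest (check that the referer is set, and track the last location in the session instead of relying on it), as an added example that is not part of the original thread. It is written for current PHP (7.1 or later); the function names, the `last_location` session key, the `/index.php` fallback and the host `www.example.com` are assumptions.

```php
<?php
// Added example. The function names, the 'last_location' session key, the
// '/index.php' fallback and the host 'www.example.com' are assumptions.

// Return a same-site path that is safe to place in a Location header.
// $candidate is untrusted: both HTTP_REFERER and REQUEST_URI come from the client.
function redirect_target(?string $candidate, string $ownHost, string $fallback = '/index.php'): string
{
    // Not set at all, or contains control characters or backslashes
    // (CR and LF could split the header; some browsers read "/\host" as "//host").
    if ($candidate === null || $candidate === '' || preg_match('/[\x00-\x1F\x7F\\\\]/', $candidate)) {
        return $fallback;
    }
    $parts = parse_url($candidate);
    if ($parts === false) {
        return $fallback;
    }
    // An absolute or scheme-relative URL must name this site, otherwise it is
    // an off-site redirect. $ownHost comes from configuration, not HTTP_HOST.
    if (isset($parts['host']) && strcasecmp($parts['host'], $ownHost) !== 0) {
        return $fallback;
    }
    // Keep only path and query, dropping scheme, host, credentials and fragment.
    // Requiring a single leading slash also rejects "javascript:..." style values.
    $path = $parts['path'] ?? '/';
    if ($path === '' || $path[0] !== '/' || strncmp($path, '//', 2) === 0) {
        return $fallback;
    }
    return isset($parts['query']) ? $path . '?' . $parts['query'] : $path;
}

// Session alternative to the referer: call this on every normal page view.
function remember_location(): void
{
    $_SESSION['last_location'] = $_SERVER['REQUEST_URI'];
}

// In the script that redirects back (a form handler, for example):
session_start();
$candidate = $_SESSION['last_location'] ?? $_SERVER['HTTP_REFERER'] ?? null;
header('Location: ' . redirect_target($candidate, 'www.example.com'));
exit;
```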