  1. #1
    SitePoint Addict say's Avatar

    $_SERVER['HTTP_REFERER'] security

    Hi. I have one part of my script written as

    header("Location: {$_SERVER['HTTP_REFERER']}");

    This works well but wanna know what I need to escape and cleanup on that referer url in order to be secure?

    Thanks anyone.

  2. #2
    Non-Member coo_t2's Avatar
    Quote Originally Posted by say
    Hi. I have one part of my script written as

    header("Location: {$_SERVER['HTTP_REFERER']}");

    This works well but wanna know what I need to escape and cleanup on that referer url in order to be secure?

    Thanks anyone.
    I don't think there's anything to worry about here. Nothing that I can think of anyway. Anyone else see a problem?

    You can't really trust what's in HTTP_REFERER, but it seems the worst that can happen here is that the user gets sent to that url.

    --ed

  3. #3
    PHP manual bot bronze trophy Gaheris's Avatar
    Yes, IMHO that's the only thing that could happen, or some error because the referer wasn't set (check for it).

  4. #4
    gingham dress, army boots... silver trophy redux's Avatar
    Quote Originally Posted by Gaheris
    Yes, IMHO that's the only thing that could happen, or some error because the referer wasn't set
    which happens for all users that run Norton firewall, for instance...
    re·dux (adj.): brought back; returned. used postpositively
    [latin : re-, re- + dux, leader; see duke.]
    WaSP Accessibility Task Force Member
    splintered.co.uk | photographia.co.uk | redux.deviantart.com

  5. #5
    PHP manual bot bronze trophy Gaheris's Avatar
    Which shows again that you really shouldn't rely on the referer. How about tracking the last location with sessions?

  6. #6
    Apache Expert i_like_php's Avatar
    Quote Originally Posted by Gaheris
    Which shows again that you really shouldn't rely on the referer. How about tracking the last location with sessions?
    How do you go about doing that? Tracking users and their browsing habits, using sessions? I would like to add that to my site.
    i love php

  7. #7
    PHP manual bot bronze trophy Gaheris's Avatar
    how do you go about doing that?
    Every script or script part records its name or tag into a location array stored in a session.
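
The session-based tracking suggested in the thread, with a same-site check on the Referer as a fallback, as an added example that is not part of any poster's reply. The function names, the `PAGES` tag map and the host `www.example.com` are assumptions made for illustration.

```php
<?php
// Added example; every name below is hypothetical and all values are constructed.
const SITE_HOST = 'www.example.com';                      // assumption: the site's own host
const PAGES = ['home' => '/index.php', 'cart' => '/cart.php', 'profile' => '/profile.php'];

/** Each script calls this with its own fixed tag; the session keeps the last few. */
function remember_location(array &$session, string $tag, int $keep = 5): void
{
    if (!array_key_exists($tag, PAGES)) {
        return;                                           // unknown tags are never stored
    }
    $session['locations'][] = $tag;
    $session['locations'] = array_slice($session['locations'], -$keep);
}

/** Reduce an untrusted Referer to a path on this site, or null if it is unusable. */
function local_path_from_referer(?string $referer): ?string
{
    if ($referer === null || $referer === '' || preg_match('/[\x00-\x1f]/', $referer)) {
        return null;                                      // header absent or malformed
    }
    $parts = parse_url($referer);
    if (!is_array($parts) || !isset($parts['host'], $parts['path'])
        || strcasecmp($parts['host'], SITE_HOST) !== 0) {
        return null;                                      // not a URL on this site
    }
    // Keep only path and query; collapsing leading slashes blocks "//host" targets.
    $path = '/' . ltrim($parts['path'], '/\\');
    return $path . (isset($parts['query']) ? '?' . $parts['query'] : '');
}

/** Previous tracked page first, then a validated referer, then a fixed default. */
function redirect_target(array $session, ?string $referer, string $default = '/index.php'): string
{
    $history = $session['locations'] ?? [];
    if (count($history) >= 2) {
        return PAGES[$history[count($history) - 2]] ?? $default;
    }
    return local_path_from_referer($referer) ?? $default;
}

// Constructed demo; a real script passes $_SESSION and ($_SERVER['HTTP_REFERER'] ?? null).
$session = [];
remember_location($session, 'cart');
remember_location($session, 'profile');
foreach ([[$session, null], [[], 'http://www.example.com/cart.php?id=3'],
          [[], 'http://other.example/x'], [[], null]] as [$s, $ref]) {
    echo redirect_target($s, $ref), PHP_EOL;
}
```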

