Re: $referrer = $_SERVER['HTTP_REFERER'] echo [message #181955 is a reply to message #181953]
Thu, 27 June 2013 22:19
Thomas 'PointedEars'
Christoph Michael Becker wrote:
> […] You may consider using only simple expressions for an if expression,
> e.g.:
>
>   $cameFromExpectedPage = substr($referrer, -13) === 'formcheck.php';
>   if ($cameFromExpectedPage) {
>     echo 'Something showed up';
>   }

Good idea, but I would write

  $cameFromExpectedPage = (substr($referrer, -13) === 'formcheck.php');

for even greater clarity.

Also, I would match RFC 3986, Appendix B, against a URI. What if there
is a query part, for example?

But I would never check against the HTTP-Referer [sic!] in the first place.
There are much more reliable solutions, like session variables. See also
<https://owasp.org/>.

PointedEars
--
Sometimes, what you learn is wrong. If those wrong ideas are close to the
root of the knowledge tree you build on a particular subject, pruning the
bad branches can sometimes cause the whole tree to collapse.
-- Mike Duffy in cljs, <news:Xns9FB6521286DB8invalidcom(at)94(dot)75(dot)214(dot)39>
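
The two points raised in the reply above, as an added example that is not part of the original post: the `substr()` check is compared with a check on the path parsed by the RFC 3986, Appendix B, regular expression, and a session flag then replaces the header check altogether. The function names, the `formcheck_passed` key and the sample URLs are assumptions made for illustration, and a plain array stands in for `$_SESSION` so the script runs from the command line.

```php
<?php
// Added example; function names, session key and sample URLs are constructed.
// Regular expression from RFC 3986, Appendix B: group 5 is the path, group 7 the query.
const RFC3986_APPENDIX_B = '~^(([^:/?#]+):)?(//([^/?#]*))?([^?#]*)(\?([^#]*))?(#(.*))?~';

function uriPath(string $uri): string
{
    preg_match(RFC3986_APPENDIX_B, $uri, $m);
    return $m[5] ?? '';
}

// The check quoted in the thread: last 13 characters of the raw header value.
function cameFromBySubstr(string $referrer): bool
{
    return (substr($referrer, -13) === 'formcheck.php');
}

// Same intent, compared against the last segment of the parsed path.
function cameFromByPath(string $referrer): bool
{
    return (basename(uriPath($referrer)) === 'formcheck.php');
}

// Session alternative: formcheck.php sets a server-side flag, the next page
// consumes it once. Pass $_SESSION (after session_start()) in a real script.
function markFormChecked(array &$session): void
{
    $session['formcheck_passed'] = true;
}

function consumeFormChecked(array &$session): bool
{
    $passed = !empty($session['formcheck_passed']);
    unset($session['formcheck_passed']);
    return $passed;
}

// Constructed Referer values: plain, with a query part, and a look-alike suffix.
$samples = ['http://example.com/formcheck.php',
            'http://example.com/formcheck.php?step=2',
            'http://example.com/other.php?next=formcheck.php'];
foreach ($samples as $r) {
    printf("%-48s substr=%-5s path=%s\n", $r,
        var_export(cameFromBySubstr($r), true), var_export(cameFromByPath($r), true));
}
$session = [];                       // stand-in for $_SESSION
markFormChecked($session);
var_dump(consumeFormChecked($session), consumeFormChecked($session));
```

Parsing fixes the suffix comparison, but the header value is still whatever the client sends; only the session flag is state the server itself recorded.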