Re: $referrer = $_SERVER['HTTP_REFERER'] echo [message #181967 is a reply to message #181958]
Fri, 28 June 2013 18:03
Christoph Michael Bec
Thomas 'PointedEars' Lahn wrote:
> Christoph Michael Becker wrote:
>> Thomas 'PointedEars' Lahn wrote:
>> Anyway, it seems the regular expression given in Appendix B of RFC 2396
>> *seems* to be more permissive than the actual syntax given in Appendix A.
>
> Appendixes are not normative. Assuming relevance, in which way does it seem
> more permissive?

The following example passes the regular expression in Appendix B of RFC
2396, but it is not allowed according to Appendix A (if I'm not mistaken):

  http://http://example.com

>> I have not checked RFC 3986 regarding this issue yet.
>>
>>> But I would never check against the HTTP-Referer [sic!] in the first
>>> place. There are much more reliable solutions, like session variables.
>>> See also <https://owasp.org/>.
>>
>> ACK. OTOH I have some concerns regarding cookies (I do not "like" to
>> propagate session IDs as a GET parameter) due to the European cookie
>> law(s).
>
> Directive 95/46/EC does not apply here.

I was referring to directive 2009/136/EC, which *might* apply.

--
Christoph M. Becker
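
The split that the Appendix B expression performs on the URI quoted in this post, as an added example that is not part of the original message: every group in the expression is optional, so it matches any string and only breaks it into components, which then have to be compared one by one. The function names, the expected scheme and host, and the sample inputs other than the post's URI are assumptions made for illustration.

```php
<?php
// Regular expression from RFC 2396, Appendix B. '~' is the delimiter
// because the pattern itself contains '/' and '#'.
const RFC2396_APPENDIX_B =
    '~^(([^:/?#]+):)?(//([^/?#]*))?([^?#]*)(\?([^#]*))?(#(.*))?~';

// Break a URI reference into the five components the RFC names.
// preg_match() omits trailing groups that did not take part in the
// match, hence the '??' defaults.
function split_uri(string $uri): array
{
    preg_match(RFC2396_APPENDIX_B, $uri, $m);
    return [
        'scheme'    => $m[2] ?? '',
        'authority' => $m[4] ?? '',
        'path'      => $m[5] ?? '',
        'query'     => $m[7] ?? '',
        'fragment'  => $m[9] ?? '',
    ];
}

// Hypothetical helper: accept a value only if its scheme and authority
// are exactly the expected ones, instead of trusting "the regex matched".
// The Referer header is client-supplied, so this is a consistency check
// and not a replacement for server-side session state.
function is_expected_origin(string $uri, string $scheme, string $host): bool
{
    $c = split_uri($uri);
    return strtolower($c['scheme']) === $scheme
        && strtolower($c['authority']) === $host;
}

// Constructed sample inputs; the first one is the URI from the post.
$samples = [
    'http://http://example.com',
    'http://example.com/page',
    'not a uri at all',
];

foreach ($samples as $uri) {
    $c = split_uri($uri);
    printf(
        "%-28s scheme=%-6s authority=%-13s path=%-16s expected origin: %s\n",
        $uri, "'{$c['scheme']}'", "'{$c['authority']}'", "'{$c['path']}'",
        is_expected_origin($uri, 'http', 'example.com') ? 'yes' : 'no'
    );
}
```

For the post's URI the expression yields scheme `http`, authority `http:` and path `//example.com`, so the origin comparison fails even though the pattern matched.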