I may be wrong, but some browsers have problems giving referers properly, causing your 
visitor not to be able to use your CGI.



>>> "Rob Dixon" <[EMAIL PROTECTED]> 03/10/03 06:52AM >>>
Colin Johnstone wrote:
> Gidday All,
>
> I have found this subroutine in someone else's program I need to
> modify it so it will work on my server. I wish to use it to confirm
> that only forms submitted from my Domain will be processed. It's the
> reg ex I don't understand, Can someone help me re-write it.
>
> Is it as simple as substituting $bd_domain for a variable containing
> mydomainname? Our domain is
> "http://www.schools.nsw.edu.au". I'd prefer it if in the re-write we
> assign the domain to be verified to a variable and then put that
> variable in the regex.
>
> sub check_url {
>
> local($check_referer) = 0;
>
> if ($ENV{'HTTP_REFERER'}) {
> if ($ENV{'HTTP_REFERER'} =~ m|https?://([^/]*)$bd_domain|i) {
> $check_referer = 1;
> }
> }
> else {$check_referer = 1;}
>
> if ($check_referer != 1) { &error('bad_referer') }
> }
>
>
>
> Any help appreciated.

Hi Colin. Yes, it is (almost) that simple. The test

    if ($ENV{'HTTP_REFERER'} =~ m|https?://([^/]*)$bd_domain|i)

is ensuring that the 'Referer:' header value is 'http://' or
'https://', followed by any number of (any character except
a slash) followed by the contents of $bd_domain. You
would set this to something like 'nsw.edu.au' leaving the
'www.schools.' (or any other server) to be matched by the
([^/]*) sub-expression. All character matching is
case-insensitive because of the trailing |i.

However, there is a bug in the original code. Since the dot
character will match any single character in a regular
expression, your final code will also allow things like:

    http://server.nsweedupau

The answer here is to add a \Q metacharacter, which escapes
all following characters so that they are treated literally:

    if ($ENV{'HTTP_REFERER'} =~ m|https?://([^/]*)\Q$bd_domain|i)

and that should do it for you.

The only other thing is that I assume you won't be setting
$check_referer = 1 in both paths through the conditional
statement?

HTH,

Rob
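
An added example, not part of the original messages: it runs the original pattern, the `\Q` pattern from the reply, and a stricter anchored variant over a few constructed Referer values so the differences can be compared side by side. The sub names, the anchored pattern and the sample values are assumptions of this example and go beyond what the thread proposes.

```perl
#!/usr/bin/perl
use strict;
use warnings;

my $bd_domain = 'nsw.edu.au';    # domain to accept, as suggested in the reply

# Original pattern: each '.' in $bd_domain is a regex wildcard.
sub ok_original { return $_[0] =~ m|https?://([^/]*)$bd_domain|i ? 1 : 0 }

# Pattern from the reply: \Q makes the domain match literally.
sub ok_quoted { return $_[0] =~ m|https?://([^/]*)\Q$bd_domain|i ? 1 : 0 }

# Stricter variant (assumption of this example): the scheme must start the
# value, and the host must be the domain itself or a subdomain of it,
# optionally followed by a port, then a path, query, fragment or end of string.
sub ok_anchored {
    return $_[0] =~ m{\Ahttps?://(?:[^/:?#\@]+\.)?\Q$bd_domain\E(?::\d+)?(?:[/?#]|\z)}i ? 1 : 0;
}

# Constructed sample Referer values (not taken from real traffic).
my @samples = (
    'http://www.schools.nsw.edu.au/form.html',    # the poster's own site
    'https://NSW.EDU.AU/',                        # bare domain, upper case
    'http://server.nsweedupau/',                  # the case named in the reply
    'http://nsw.edu.au.example.net/',             # domain used as a host prefix
);

# Print one row per sample with the verdict of each check (1 = accepted).
printf "%-42s %-8s %-6s %s\n", 'Referer', 'original', '\Q', 'anchored';
for my $ref (@samples) {
    printf "%-42s %-8d %-6d %d\n",
        $ref, ok_original($ref), ok_quoted($ref), ok_anchored($ref);
}
```

A request with no Referer header at all never reaches any of these patterns; how to treat it is the separate decision both messages above raise.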
