From:             [EMAIL PROTECTED]
Operating system: Red Hat
PHP version:      4.0.4pl1
PHP Bug Type:     Feature/Change Request
Bug description:  Can set environment variables in the query string.

/* this is a security measure that only permits the display of the page if the referer 
is within the same domain as the page... if you run it with HTTP_REFERER=HTTP_HOST or 
a string of the host url in the query string or post a form input object called 
HTTP_REFERER with value of host url, it produces the same effect as if you had clicked 
on a link from within the site */

  $referer = parse_url($HTTP_REFERER);

  if($referer[host]!='') die ('invalid host');
  else{echo '<html>this is my page!!</html>';

Edit Bug report at:

PHP Development Mailing List <>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to