I've seen it work with a relative URL, which surprised me, because until
I had seen that I would have agreed with you.
Jon
Chris Shiflett wrote:
--- Arnout Boks <[EMAIL PROTECTED]> wrote:
header('Location: ' . urlencode('loginForm.php?error=Incorrect password'));
The Location header requires an absolute URL. Also, this is the header you
are sending:
Location: loginForm.php%3Ferror%3DIncorrect+password
I doubt that's the URL you meant. URL encode the value of URL variables,
not the entire URL.
Lastly, I hope you're not blindly displaying $_GET['error'] on your
loginForm.php page, otherwise you have a cross-site scripting
vulnerability.
Hope that helps.
Chris
=====
Chris Shiflett - http://shiflett.org/
PHP Security - O'Reilly
Coming Fall 2004
HTTP Developer's Handbook - Sams
http://httphandbook.org/
PHP Community Site
http://phpcommunity.org/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
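
Added example, not part of the thread and not any poster's code: the redirect from the quoted message rebuilt with only the parameter value encoded and an absolute URL, plus escaped output of the `error` parameter on the receiving page. `BASE_URL`, the host `example.test`, and the functions `redirect_url()` and `render_error()` are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. BASE_URL, example.test,
// redirect_url() and render_error() are hypothetical names.

// Configured origin; not taken from the request's Host header.
const BASE_URL = 'https://example.test';

// Build an absolute URL, encoding only the query-string keys and values.
function redirect_url(string $path, array $params = []): string
{
    // http_build_query() encodes each key and value and leaves the
    // "?", "&" and "=" delimiters alone.
    $query = http_build_query($params);
    return BASE_URL . $path . ($query === '' ? '' : '?' . $query);
}

// Escape the request parameter before it is placed into HTML.
function render_error(array $get): string
{
    if (!isset($get['error']) || !is_string($get['error'])) {
        return '';
    }
    $safe = htmlspecialchars($get['error'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<p class="error">' . $safe . '</p>';
}

// The call from the thread: the whole URL is encoded, delimiters included.
$before = 'Location: ' . urlencode('loginForm.php?error=Incorrect password');

// Only the value is encoded, and the URL is absolute.
$after = 'Location: ' . redirect_url('/loginForm.php', ['error' => 'Incorrect password']);

echo $before, PHP_EOL, $after, PHP_EOL;

// On loginForm.php: constructed request data carrying markup in "error".
$constructed_get = ['error' => '<script>alert(1)</script>'];
echo render_error($constructed_get), PHP_EOL;

// In the real redirecting script, send the header and stop:
// header($after); exit;
```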