I'd suggest the following *slight* enhancement to make sure that the
HTTP_REFERER actually *begins* with the site name, not simply contains
it.
// prevents visits from pages like
http://badsite.com/form.htm?http://www.wnc.edu
if (strpos($referer, $site) === 0)
{
echo 'yes';
}
(or, if you
Thanks for the info. I've modified the script to reflect that. I
actually ended up reversing it, and so I used !== 0 which should work
just the same.
All this is a minor portion of a much larger security scheme for an
intranet site (which is protected by an LDAP server), where I am just
I didn't mean that the function was foolproof, only the match function itself.
However, your suggestion to add the line start is simple and effective.
Andrew Ballard wrote:
I'd suggest the following *slight* enhancement to make sure that the
HTTP_REFERER actually *begins* with the site name,
On 10/2/07, Al [EMAIL PROTECTED] wrote:
I didn't mean that the function was foolproof, only the match function itself.
Understood. :-)
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
)) || (!strpos($yourimage, .jpeg)))
J
-Original Message-
From: Martin Thoma [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 16, 2001 9:42 AM
To: [EMAIL PROTECTED]
Subject: Re: [PHP] Re: strpos
if (!strpos(...))
will be better...
Why?
--
PHP General Mailing
Hello!
if (!strpos(...))
will be better...
Best regards,
Andrew Kirilenko.
-Original Message-
From: Martin Thoma [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 16, 2001 9:28 AM
To: [EMAIL PROTECTED]
Subject: [PHP] Re: strpos
strpos return false if the search fails. You
if (!strpos(...))
will be better...
Why?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Oops. Forgot about 0 return ;(
-Original Message-
From: Martin Thoma [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 16, 2001 9:42 AM
To: [EMAIL PROTECTED]
Subject: Re: [PHP] Re: strpos
if (!strpos(...))
will be better...
Why?
--
PHP General Mailing List (http
8 matches
Mail list logo