On Fri, Feb 22, 2008 at 4:13 AM, inforequest <[EMAIL PROTECTED]> wrote:
>
> Just a warning that if possible your tracking script should limit its
> function to your known intended destinations else fail or whatever.
> Don't leave it "open" or you may find your site being utilized by others
> as a general purpose redirect proxy, often for less-than-honorable purposes.
>
> -=john

I was wondering about this, actually, but I also figured there must be a bajillion other open redirect scripts out there.

Shouldn't it be okay to limit it to requests with a valid HTTP-REFERER header? In other words, the redirect only works if the user clicked a link on your site, not by following a link from some other site.

--
Chris Snyder
http://chxo.com/
_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk
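
One way to limit a tracking redirect to known destinations and fail otherwise, as the quoted warning suggests. This is an added example, not code from the thread. The host list, the `url` parameter and the function name are assumptions, and the check does not depend on the Referer header.

```php
<?php
// Added example: ALLOWED_HOSTS, safe_redirect_target() and the "url"
// query parameter are hypothetical names, not from the original thread.

// Hosts this tracking script may send visitors to (constructed sample values).
const ALLOWED_HOSTS = ['www.example.org', 'partner.example'];

/** Return $url if it is an absolute http(s) URL to an allowlisted host, else null. */
function safe_redirect_target(string $url): ?string
{
    // Refuse control characters and spaces (header injection) and backslashes,
    // which some browsers treat as "/" while parse_url() does not.
    if ($url === '' || preg_match('/[\x00-\x20\x7f\\\\]/', $url)) {
        return null;
    }
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null; // relative, scheme-relative ("//host") or malformed
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null; // only web destinations
    }
    if (isset($parts['user']) || isset($parts['pass'])) {
        return null; // userinfo makes the real host easy to misread
    }
    // Exact match only: a substring or suffix test would accept look-alike hosts.
    return in_array(strtolower($parts['host']), ALLOWED_HOSTS, true) ? $url : null;
}

if (PHP_SAPI === 'cli') {
    // Constructed inputs showing which destinations pass the check.
    $samples = [
        'https://www.example.org/article?id=7',
        'http://PARTNER.example/landing',
        'https://elsewhere.test/',
        '//partner.example/landing',
        'https://partner.example@elsewhere.test/',
        'https://partner.example.elsewhere.test/',
    ];
    foreach ($samples as $s) {
        printf("%-42s %s\n", $s, safe_redirect_target($s) === null ? 'refused' : 'redirect');
    }
} else {
    $raw = $_GET['url'] ?? '';
    $target = is_string($raw) ? safe_redirect_target($raw) : null;
    if ($target === null) {
        http_response_code(400);
        exit('Unknown destination');
    }
    // Record the click here, then send the visitor on.
    header('Location: ' . $target, true, 302);
}
```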