Just one point...

NEVER trust HTTP_REFERER.

You can change the HTTP_REFERER in a simple curl request.
I didn't read the thread entirely, but suggesting that a user check the
referer is never a good thing.


Regards.

On Fri, Feb 22, 2008 at 11:30 AM, csnyder <[EMAIL PROTECTED]> wrote:
> On Fri, Feb 22, 2008 at 4:13 AM, inforequest <[EMAIL PROTECTED]> wrote:
>  >
>  >  Just a warning that if possible your tracking script should limit its
>  >  function to your known intended destinations else fail or whatever.
>  >  Don't leave it "open" or you may find your site being utilized by others
>  >  as a general purpose redirect proxy, often for less-than-honorable purposes.
>  >
>  >  -=john
>  >
>
>  I was wondering about this, actually, but I also figured there must be
>  a bajillion other open redirect scripts out there.
>
>  Shouldn't it be okay to limit it to requests with a valid HTTP-REFERER
>  header? In other words, the redirect only works if the user clicked a
>  link on your site, not by following a link from some other site.
>
>
>  --
>  Chris Snyder
>  http://chxo.com/
>
>
> _______________________________________________
>  New York PHP Community Talk Mailing List
>  http://lists.nyphp.org/mailman/listinfo/talk
>
>  NYPHPCon 2006 Presentations Online
>  http://www.nyphpcon.com
>
>  Show Your Participation in New York PHP
>  http://www.nyphp.org/show_participation.php
>



-- 
Guilherme Blanco - Web Developer
CBC - Certified Bindows Consultant
Cell Phone: +55 (16) 9166-6902
MSN: [EMAIL PROTECTED]
URL: http://blog.bisna.com
São Carlos - SP/Brazil
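
An added example, not part of the original thread or any poster's code: the destination allowlist suggested earlier in the thread, written so that the redirect decision never depends on the Referer header. The function name safe_destination, the ALLOWED_HOSTS list and all hosts and URLs are assumptions made for illustration.

```php
<?php
// Added example for a hypothetical tracking redirect such as go.php?url=...
// Hosts are constructed placeholders; replace them with your real destinations.
const ALLOWED_HOSTS = ['www.example.com', 'partner.example.net'];

/**
 * Return $url if it is an absolute http(s) URL whose host is on the allowlist,
 * otherwise null. The Referer header is deliberately not consulted, because
 * the client controls it.
 */
function safe_destination(string $url): ?string
{
    // Reject whitespace and control characters (header injection) and
    // backslashes, which some browsers treat like forward slashes.
    if (preg_match('/[\x00-\x20\x7f\\\\]/', $url)) {
        return null;
    }
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null; // relative, scheme-relative ("//host") or malformed
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null;
    }
    if (isset($parts['user']) || isset($parts['pass'])) {
        return null; // userinfo can make the real host look like an allowed one
    }
    if (!in_array(strtolower($parts['host']), ALLOWED_HOSTS, true)) {
        return null;
    }
    return $url;
}

// Constructed sample requests. The Referer claims to be our own site in every
// case and has no effect on the outcome.
$_SERVER['HTTP_REFERER'] = 'https://www.example.com/';
$samples = [
    'https://www.example.com/landing?id=7',  // allowed host
    'https://other.test/',                   // host not on the list
    '//other.test/',                         // scheme-relative
    'https://www.example.com@other.test/',   // userinfo confusion
    'javascript:alert(1)',                   // not http(s)
];
foreach ($samples as $candidate) {
    $dest = safe_destination($candidate);
    echo $candidate, ' => ', $dest === null ? '400 rejected' : "302 Location: $dest", "\n";
}
```

In a real handler, the loop would be replaced by a single call on the request parameter followed by header('Location: ...') or a 400 response.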