Sara wrote:

There was a script which people were using remotely, so I have to add this simple subroutine to check referrers. Currently, the site is getting approx. 20,000 hits per day.


I don't think you are using the correct ENV variable. The referer tells you what page the user was linking from when they made the submission, which among other things is very spoofable, so it really shouldn't be used for much of anything, especially supposed security. It can allow you, assuming someone isn't messing with you, to track a user's path through a site, etc., but beyond that it is pretty much worthless.


No one, not even a single person claimed that they have experienced any problem after implementing this change, except for the owner of the site. I am webmaster for the site. And now she is pushing to undo this change immediately because she is constantly getting &error(bad_referrer) and unable to use this script and we both know she is the only one experiencing this problem.


Sounds like it is bookmarked or she is typing it in directly, in which case there will be no referer (at least for most clients (browsers)).


Is there something wrong below? If yes, then why others are not getting any bad referrer error. If no, what could be the possible reasons that owner is the only person getting bad referrer error?


What are you *really* trying to do? If you are trying to add a security mechanism to a set of scripts this is definitely NOT the way to do it.


TIA,
Sara.

------------------------------------------------------------


@referers = ('http://www.foo.com', 'http://foo.com');



The above is not scoped, which means you are still not using 'strict' and 'warnings' which you have been warned of.


sub check_url {
    local($check_referer) = 0;

This is a misuse of 'local'.



    if ($ENV{'HTTP_REFERER'}) {
        foreach $referer (@referers) {
            if ($ENV{'HTTP_REFERER'} =~ m|$referer|i) {
                $check_referer = 1;
                last;
            }
        }
    }
    if ($check_referer != 1) { &error('bad_referer') }
}




http://danconia.org
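
Added example, not part of the original message: a version of the referer check that runs under 'strict' and 'warnings' and reports a missing header separately from a mismatch, which is the bookmarked or typed-URL case the reply describes. The function name classify_referer and the sample requests are assumptions made for illustration; the header is still supplied by the client, so the result is advisory only.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hosts allowed to link to the script (the example values from the post).
my %allowed_host = map { $_ => 1 } qw(www.foo.com foo.com);

# Hypothetical helper: returns 'ok', 'missing' or 'mismatch' for a CGI-style
# environment hash. 'missing' is kept separate because bookmarks and typed
# URLs send no Referer header at all.
sub classify_referer {
    my ($env) = @_;
    my $referer = $env->{HTTP_REFERER};
    return 'missing' unless defined $referer && length $referer;

    # Pull out the host and compare it exactly instead of pattern-matching
    # the whole URL. The host must be followed by an optional numeric port
    # and then a path, query, fragment or end of string, so userinfo forms
    # and longer host names do not pass as an allowed host.
    my ($host) = $referer =~ m{\Ahttps?://([^/?#@:]+)(?::\d+)?(?:[/?#]|\z)}i;
    return 'mismatch' unless defined $host;
    return $allowed_host{ lc $host } ? 'ok' : 'mismatch';
}

# Constructed sample requests (not taken from real logs).
my @samples = (
    { HTTP_REFERER => 'http://www.foo.com/form.html' },
    { HTTP_REFERER => 'http://FOO.com:80/' },
    { },    # bookmark or typed URL: no Referer header sent
    { HTTP_REFERER => 'http://www.foo.com.example.net/' },
    { HTTP_REFERER => 'http://foo.com:x@example.net/' },
);

for my $env (@samples) {
    my $shown = defined $env->{HTTP_REFERER} ? $env->{HTTP_REFERER} : '(none)';
    printf "%-40s %s\n", $shown, classify_referer($env);
}
```

Logging the 'missing' and 'mismatch' results separately shows whether rejected requests come from direct visits or from other sites before deciding how to treat them.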

