In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] (acleave)
wrote:
> 1) How do I return multiple data types at once from a function? For
> instance
> I might want to return 5, "apple", and true (an int, a string, and a boolean)
> all at once from a function.
return array(5, "apple", TRUE);
> 2) How does the predefined variable $HTTP_REFERER work with forms? I know
> the documentation says that it doesn't work with all browsers as the browser
> has the actual info but I tested it with IE 5 and NS 4.7 and it worked
> perfectly (for me). My real concern is could it be fooled in a simple manner
> or even turned off by selecting different settings in either of those two
> browsers? Or would it require a dedicated cracker and/or someone writing
> their own browser to give a false report (vs. no report at all)?
IE and NS aren't the only browsers in use today. I know iCab allows the
user to disable sending of HTTP_REFERER. I believe Opera may too. I'm not
sure about the capabilities of Konqueror and Lynx in this regard. Also,
AFAIK, no browser will send an HTTP_REFERER where the url request was
typed/pasted in directly by the user, or where the request came via a
bookmark. Most of the robots which visit my sites also don't leave an
HTTP_REFERER. So there are some common examples of "no report".
And while I haven't actually tried this, I assume that anyone could write
their own HTTP_REFERER simply by using fsockopen(). Thanks to PHP's ease
of use, using fsockopen does not require one to have the skills of a
"dedicated cracker".
(Relying on HTTP_REFERER for any security-related check is generally
considered a Bad Idea.)
--
CC
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
