Hi all. I've got a simple mailer script that I wrote a few years ago
that has been acting up over the past week.
The problem is with the following check I perform at the very top of the
script:
if (!stristr($_SERVER['HTTP_REFERER'],"unbc.ca")) {
die("You can't access this script outside of our domain.");
}
The mailer is located in my personal webspace on the web.unbc.ca server
and the calling forms are all located on www.unbc.ca.
For some reason some people (apparently around 10 over the past week)
are getting this error from two particular forms, but I know for certain
that these forms are within our domain.
Does anyone know why this would be happening other than someone making
an illegal copy of the form and posting it on another domain (which I
doubt is the case)?
As I wrote earlier this script is about three years old, so at the time
I didn't code using the $_SERVER and $_POST vars and just refered to
them variable names explicitly. However, the PHP version on the machine
hasn't changed for a long time (4.1.2) so I can't see why this would
suddenly start happening now.
To be safe I've just converted all the $_SERVER and $_POST vars in the
script to use these references, so I'll be interested to see if the
error goes away but I doubt it will.
I was debating writing a simple regular expression to use instead of the
stristr check but I don't really think it will make a difference as the
only way the stristr check will fail is if the string 'unbc.ca' is NOT
found in the referring page.
Does anyone have any idea what could be causing this problem? Short of
removing the check altogether I can't really see another way around it.
Cheers and thanks much in advance,
Pablo
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
