From: [EMAIL PROTECTED]
Operating system: Red Hat
PHP version: 4.0.4pl1
PHP Bug Type: Feature/Change Request
Bug description: Can set environment variables in the query string.

/* this is a security measure that only permits the display of the page
   if the referer is within the same domain as the page...
   if you run it with HTTP_REFERER=HTTP_HOST or a string of the host url
   in the query string or post a form input object called HTTP_REFERER
   with value of host url, it produces the same effect as if you had
   clicked on a link from within the site */
<?
$referer = parse_url($HTTP_REFERER);
if ($referer['host'] != 'mydomain.com')
    die('invalid host');
else {
    echo '<html>this is my page!!</html>';
}
?>

--
Edit Bug report at: http://bugs.php.net/?id=9767&edit=1
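An added example, not part of the bug report or of PHP itself: the same referer check written so that it reads only the server-populated array and compares the host exactly, so a request parameter named HTTP_REFERER has no effect. The function names and the request data are constructed for illustration. It assumes PHP 7.1 or later, where the array passed in would be `$_SERVER`; on the 4.0.x series in the report, `$HTTP_SERVER_VARS` plays that role.

```php
<?php
// Added example. All request data below is constructed.
// Note: the Referer header is itself sent by the client, so this check is a
// navigation hint and not a substitute for authentication.

// Return the lower-cased host of the Referer header, or null if it is
// absent or unparseable. Only the server array is consulted; GET, POST
// and cookie input are never looked at.
function referer_host(array $server): ?string
{
    if (!isset($server['HTTP_REFERER']) || !is_string($server['HTTP_REFERER'])) {
        return null;
    }
    $host = parse_url($server['HTTP_REFERER'], PHP_URL_HOST);
    return is_string($host) ? strtolower($host) : null;
}

// Exact, case-insensitive host comparison (no substring or prefix match).
function referer_is_same_site(array $server, string $expectedHost): bool
{
    $host = referer_host($server);
    return $host !== null && $host === strtolower($expectedHost);
}

// Each case is [server array, query-string array]. In a real page the first
// would be $_SERVER and the second $_GET.
$cases = [
    'in-site link'                     => [['HTTP_REFERER' => 'http://mydomain.com/index.php'], []],
    'HTTP_REFERER only in query string' => [[], ['HTTP_REFERER' => 'http://mydomain.com/']],
    'look-alike host'                  => [['HTTP_REFERER' => 'http://mydomain.com.example.net/'], []],
    'mixed-case host'                  => [['HTTP_REFERER' => 'http://MyDomain.com/a'], []],
    'no referer at all'                => [[], []],
];

foreach ($cases as $label => [$server, $get]) {
    // $get is deliberately ignored: request parameters cannot stand in
    // for a header value.
    $verdict = referer_is_same_site($server, 'mydomain.com') ? 'allow' : 'deny';
    printf("%-36s %s\n", $label, $verdict);
}
```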