From: [EMAIL PROTECTED]
Operating system: Red Hat
PHP version: 4.0.4pl1
PHP Bug Type: Feature/Change Request
Bug description: Can set environment variables in the query string.
/* this is a security measure that only permits the display of the page if the referer
is within the same domain as the page... if you run it with HTTP_REFERER=HTTP_HOST or
a string of the host url in the query string or post a form input object called
HTTP_REFERER with value of host url, it produces the same effect as if you had clicked
on a link from within the site */
<?
$referer = parse_url($HTTP_REFERER);
if($referer[host]!='mydomain.com') die ('invalid host');
else{echo '<html>this is my page!!</html>';
?>
--
Edit Bug report at: http://bugs.php.net/?id=9767&edit=1
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
