[PHP-DEV] PHP 4.0 Bug #9767 Updated: Can set environment variables in the query string.
From: cynic <email protected>
Date: 03/15/01

ID: 9767
Updated by: cynic
Reported By: toastyghost_ <email protected>
Old-Status: Open
Status: Bogus
Bug Type: Feature/Change Request
Assigned To:
Comments:

This is configurable from php.ini, and described in there:

variables_order = "EGPCS"
; This directive describes the order in which PHP registers
; GET, POST, Cookie, Environment and Built-in variables (G, P,
; C, E & S respectively, often referred to as EGPCS or GPC).
; Registration is done from left to right, newer values override
; older values.

Also, consider turning register_globals off.

Previous Comments:
---------------------------------------------------------------------------

[2001-03-15 10:09:27] toastyghost_ <email protected>
/* this is a security measure that only permits the display of the page if the referer is within the same domain as the page... if you run it with HTTP_REFERER=HTTP_HOST or a string of the host url in the query string or post a form input object called HTTP_REFERER with value of host url, it produces the same effect as if you had clicked on a link from within the site */

<?php
  // Relies on register_globals: $HTTP_REFERER is read from the global scope.
  $referer = parse_url($HTTP_REFERER);

  if ($referer['host'] != 'mydomain.com') die('invalid host');
  else { echo '<html>this is my page!!</html>'; }
?>

---------------------------------------------------------------------------

ATTENTION! Do NOT reply to this email!
To reply, use the web interface found at http://bugs.php.net/?id=9767&edit=2

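The registration order quoted from php.ini explains the behaviour in the report. The sketch below is an added example, not code from the thread or from PHP itself: `emulate_register_globals()` and `referer_host_ok()` are hypothetical helpers, the request values are constructed, and the merge is a simplified model of how register_globals fills the global scope.

```php
<?php
// Added example; every request value below is constructed.

// Hypothetical model of register_globals: walk variables_order left to
// right and let each later source overwrite names set by earlier ones.
function emulate_register_globals($order, $sources)
{
    $globals = array();
    foreach (str_split(strtoupper($order)) as $letter) {
        if (isset($sources[$letter])) {
            $globals = array_merge($globals, $sources[$letter]);
        }
    }
    return $globals;
}

// Host comparison from the report, applied to any array of variables.
function referer_host_ok($vars)
{
    if (!isset($vars['HTTP_REFERER'])) {
        return false;
    }
    $referer = parse_url($vars['HTTP_REFERER']);
    return is_array($referer)
        && isset($referer['host'])
        && $referer['host'] === 'mydomain.com';
}

// Constructed request: no Referer header was sent, so S has no
// HTTP_REFERER entry, but the query string (G) carries that name.
$sources = array(
    'E' => array('PATH' => '/usr/bin'),
    'G' => array('HTTP_REFERER' => 'http://mydomain.com/'),
    'P' => array(),
    'C' => array(),
    'S' => array('HTTP_HOST' => 'mydomain.com'),
);

// Check as written in the report: reads the merged global scope.
$globals = emulate_register_globals('EGPCS', $sources);
echo 'global scope: ', var_export(referer_host_ok($globals), true), "\n";

// Check restricted to the server array ($HTTP_SERVER_VARS in PHP 4.0),
// which request parameters cannot populate.
echo 'server array: ', var_export(referer_host_ok($sources['S']), true), "\n";
```

Reading the server array removes the query-string, POST and cookie override, but the Referer header itself is still chosen by the client, so the comparison is not an access control on its own.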