开发者

php and javascript redirect

问答 作者:

Hi in a simple page i use php and javascript redirect to return to referrer page.

header("Location: $refererScript");

onclick="window.location.href='<?=$refererScript?>';"

Which is the best way to protect those scripts from generate errors:

Ex. should i use urlencode for $refererScript (or at least for query string ) and if so will this acceptable from javascript or must use escape (or something else)

For $refererScript i use the code above

$ref=$_SERVER["HTTP_REFERER"];
$refererParts = parse_ur开发者_高级运维l($_SERVER['HTTP_REFERER']);
$refererQuery=$refererParts["query"];
$refererFolders=explode("/",$refererParts["path"]);
$refererScript=$refererFolders[sizeof($refererFolders)-1];
if($refererQuery!="")
{ $refererScript.="?".$refererQuery; }

Thanks

I would suggest you to use php header approach because if javascript is disabled, then there will be no redirect and you should url encode it eg:

$refererScript = urlencode($refererScript);
header("Location: $refererScript");

In the $_SERVER["HTTP_REFERER"]; should be already valid URL. If not, someone changed it manually and will get redirected to the wrong page.

I don't see any security risks here. Your code is fine.

继续阅读:headerphpredirect

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9