[nycphp-talk] $_SERVER['REQUEST_URI'] validation
Cliff Hirsch
cliff at pinestream.com
Thu Jul 20 12:22:02 EDT 2006
I have tried to avoid $_SERVER['REQUEST_URI'] for security reasons, but
it's just too easy to use for things like login redirects. Are there any
good scripts for validating this variable?
As I see it, I should probably deconstruct it, validate the following,
and then reconstruct it.
1. The domain is "mine"
2. The requested page is "ok"
3. The "stuff" after the ? isn't "nasty"
Any thoughts or suggestions?
Cliff
_______________________________
Pinestream Communications, Inc.
52 Pine Street, Weston, MA 02493 USA
Tel: 781.647.8800, Fax: 781.647.8825
http://www.pinestream.com <http://www.pinestream.com/>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20060720/35725274/attachment.html>
More information about the talk
mailing list