Reputation: 1797
Hi,
I use the GET method for navigation on one of my websites. The problem is that some dirty Einstein has created a link that calls another domain:
http://www.mywebsite.com?products=http://www.dirtyeinstein.com?fishform.inc
Is there a script that I can use to block this kind of abuse?
Thank you.
Upvotes: 1
Views: 592
Reputation: 5523
Are you using navigation like that?
http://www.mywebsite.com?products=book.php
If you are not redirecting anyone out, I mean if you don't use something like
http://www.mywebsite.com?products=http://www.myanotherdomain.com
Then just check the string if it starts with "http"
May help: http://nl2.php.net/manual/en/function.substr.php
Ex:
$str = $_GET['products'];
// Reject any value that starts with "http"
if (strlen($str) > 4 && substr($str, 0, 4) == "http")
{
    echo "You dirty Einstein!! Get out!";
    return;
}
Upvotes: 0
Reputation: 20736
Simply check in your script if the requested page exists, like:
// allowed GET parameters for product
$whiteList = array(
    'tvs',
    'toys',
);
$menu = $_GET['products'];
if (! in_array($menu, $whiteList, true)) {
    // forward to index
} else {
    // forward to requested page
}
Upvotes: 6
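An added example, not code from any of the posts above: the allow-list approach written as a lookup from each permitted `products` value to a fixed local file, so the request value is never used to build the path that gets loaded. It assumes the parameter selects a page file to include; the function name, file paths and default page are hypothetical.

```php
<?php
// Added example. The map entries, paths and default page are assumptions.

/**
 * Return the local file for a requested product page, or the default
 * page when the value is missing, not a string, or not in the map.
 */
function resolveProductPage($requested): string
{
    // Allowed values => fixed local files. Only these can ever be loaded.
    $pages = [
        'tvs'  => 'pages/tvs.php',
        'toys' => 'pages/toys.php',
    ];
    $default = 'pages/index.php';

    if (!is_string($requested)) {
        // ?products[]=x arrives as an array; treat it as unknown.
        return $default;
    }

    // Exact key lookup: no prefix test, no case folding, no path building.
    return isset($pages[$requested]) ? $pages[$requested] : $default;
}

// Constructed sample inputs, including the value from the question.
$samples = [
    'tvs',
    'http://www.dirtyeinstein.com?fishform.inc',
    // Same value in upper case: a case-sensitive "http" prefix test
    // does not match it, the map lookup still falls back to the default.
    'HTTP://www.dirtyeinstein.com?fishform.inc',
    ['tvs'],
    null,
];

foreach ($samples as $value) {
    $shown = json_encode($value, JSON_UNESCAPED_SLASHES);
    printf("%-48s => %s\n", $shown, resolveProductPage($value));
}

// In the page controller (the mapped files must exist on disk):
// include resolveProductPage(isset($_GET['products']) ? $_GET['products'] : null);
```

Every sample except `'tvs'` resolves to the default page, because the result always comes from the map and never from the request.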