ntan

Reputation: 2205

PHP and JavaScript redirect

Hi, in a simple page I use PHP and JavaScript redirects to return to the referrer page.

header("Location: $refererScript");

onclick="window.location.href='<?=$refererScript?>';"

What is the best way to protect those scripts from generating errors?

E.g., should I use urlencode for $refererScript (or at least for the query string), and if so, will this be acceptable to JavaScript, or must I use escape (or something else)?

For $refererScript I use the code below:

$ref=$_SERVER["HTTP_REFERER"];
$refererParts = parse_url($_SERVER['HTTP_REFERER']);
$refererQuery=$refererParts["query"];
$refererFolders=explode("/",$refererParts["path"]);
$refererScript=$refererFolders[sizeof($refererFolders)-1];
if($refererQuery!="")
{ $refererScript.="?".$refererQuery; }

Thanks

Upvotes: 0

Views: 307

Answers (2)

Petr Peller

Reputation: 8826

$_SERVER["HTTP_REFERER"] should already contain a valid URL. If not, someone changed it manually and will get redirected to the wrong page.

I don't see any security risks here. Your code is fine.

Upvotes: 0

Sarfraz

Reputation: 382686

I would suggest you use the PHP header approach, because if JavaScript is disabled there will be no redirect, and you should URL-encode it, e.g.:

$refererScript = urlencode($refererScript);
header("Location: $refererScript");

Upvotes: 3
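
Added example (not part of the question's code or of either answer): the Referer header is client-supplied, so this sketch reduces it to a same-host script name plus query string, then encodes the result separately for the Location header and for the JavaScript-inside-an-HTML-attribute context the question asks about. `OWN_HOST`, the `index.php` fallback and the function name `safeRefererScript` are assumptions made for illustration.

```php
<?php
// Assumption: the site's canonical host name, configured rather than read from the request.
const OWN_HOST = 'www.example.com';

/**
 * Reduce a Referer value to "script?query" on our own host.
 * Returns $fallback when the header is missing, malformed or from another host.
 */
function safeRefererScript(?string $referer, string $fallback = 'index.php'): string
{
    $parts = ($referer === null || $referer === '') ? false : parse_url($referer);
    if ($parts === false || !isset($parts['host'], $parts['path'])
        || strcasecmp($parts['host'], OWN_HOST) !== 0) {
        return $fallback;
    }
    // Last path segment only, limited to a conservative file-name alphabet
    // (no slashes, quotes, whitespace or CR/LF can survive this check).
    $segments = explode('/', $parts['path']);
    $script = end($segments);
    if (!preg_match('/\A[A-Za-z0-9._-]+\z/', $script)) {
        return $fallback;
    }
    // Keep the query only if it is already in URL-encoded form.
    $query = $parts['query'] ?? '';
    if ($query === '' || !preg_match('/\A[A-Za-z0-9._~%&=+-]*\z/', $query)) {
        return $script;
    }
    return $script . '?' . $query;
}

$target = safeRefererScript($_SERVER['HTTP_REFERER'] ?? null);

// Context 1: HTTP header. The value is already a valid relative URL, so it is
// not passed through urlencode() as a whole (that would encode "?" and "=").
header('Location: ' . $target);

// Context 2: JavaScript string inside an HTML attribute.
// Encode for JavaScript first (json_encode), then for HTML (htmlspecialchars).
$js = json_encode($target, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
$onclick = htmlspecialchars('window.location.href=' . $js . ';', ENT_QUOTES, 'UTF-8');
echo '<button onclick="' . $onclick . '">Back</button>', "\n";
```

In a real page only one of the two contexts would be used per response; both appear here because the question uses both.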
