|  | Posted by Rik on 02/18/07 16:26 
On Sun, 18 Feb 2007 17:02:36 +0100, turnitup <same@same> wrote:
 > turnitup wrote:
 >> I have a security mechanism that checks that session variables are se=
 t,  =
 
 >> and if not, redirects. It seems, however, that CURL just ignores this=
 =
 
 >> statement and completely breaches my security.
 >>  Does anyone have any ideas how to avoid this?
 >
 >
 > It seems that CURL ignores the redirect header. I had to put an exit  =
 
 > after that statement. Sorted now. CAVEAT REDIRECTOR!!!
 
 Which is why redirecting should actually be done like this:
 
 <?php
 $target =3D 'http://example.com';
 header("Location: $target");
 print("You are being redirected to $target, click <a  =
 
 href=3D\"$target\">here</a> if you don't get redirected.");
 exit;
 ?>
 
 NOt only cURL, but all kinds of applications & browsers can choose not t=
 o  =
 
 directly follow your location headers. If you open pages with cURL, and =
 =
 
 you want to obey redirects from the header, use:
 curl_setopt($curl,CURLOPT_FOLLOWLOCATION, true);
 -- =
 
 Rik Wasmus
  Navigation: [Reply to this message] |