Posted by Skeets on 02/11/06 01:37
probably the single worst case scenario is that a bunch of 13 year old
script kiddies laugh about you being pwn3d by them - and this can last
a while, too. -lol-
seriously, i think someone else answered your question, but i had to
get that in there, b/c it does happen.
can a script like this be modified to *know* that the form is being
sent from one's own site?
<?php
// Request headers as sent by the client (Apache only)
$host = apache_request_headers();
// Case-insensitive match of the site's domain against the Referer header
if (!preg_match('/domain.com/i', $host['Referer'] ?? '')) {
    //[...code to download file here...]
} else {
    //[...code to download alternate file here...]
}
?>
it is a comment on php.net's manual $_SERVER discussion.
iow, is...
$host = apache_request_headers();
if (!preg_match('/domain.com/i', $host['Referer'] ?? '')) {
....spoofable or does it tell you where the page came from 100% of the
time?
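
An added example, not part of the post above or of the php.net comment it quotes: the Referer header is a value the client sends (and may omit), so a match on it passes for any client that sets it, while a token issued with the form and checked on submit ties the request to a page the site actually served. The function names, the secret and the session id are constructed for illustration.

```php
<?php
// Added example; referer_check, form_token and token_check are hypothetical names.

// The kind of Referer match the posted script relies on.
// The header comes from the client, so it only reflects what the client chose to send.
function referer_check(array $headers, string $domain): bool {
    return isset($headers['Referer'])
        && stripos($headers['Referer'], $domain) !== false;
}

// Token bound to the visitor's session and a server-side secret.
// It is written into a hidden field when the site renders its own form.
function form_token(string $secret, string $sessionId): string {
    return hash_hmac('sha256', $sessionId, $secret);
}

// Server-side check on submit: recompute the token and compare in constant time.
function token_check(string $secret, string $sessionId, array $post): bool {
    $sent = $post['token'] ?? '';
    return is_string($sent)
        && hash_equals(form_token($secret, $sessionId), $sent);
}

// Constructed sample data (in practice the secret is random and never leaves the server).
$secret    = 'constructed-server-secret';
$sessionId = 'constructed-session-id';

// Request 1: submitted from the site's own form, which carried the token.
$own = [
    'headers' => ['Referer' => 'http://domain.com/form.php'],
    'post'    => ['token' => form_token($secret, $sessionId)],
];
// Request 2: a client that never loaded the form but sets the same Referer value.
$other = [
    'headers' => ['Referer' => 'http://domain.com/form.php'],
    'post'    => [],
];

foreach (['own form' => $own, 'other client' => $other] as $label => $req) {
    printf(
        "%-12s referer_check=%s token_check=%s\n",
        $label,
        var_export(referer_check($req['headers'], 'domain.com'), true),
        var_export(token_check($secret, $sessionId, $req['post']), true)
    );
}
```

Both constructed requests pass the Referer match; only the one that carries the token issued with the form passes the token check.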