You are not logged in. Please login or register.
PunBB Forums → Programming → Using request_uri safely
Am I correct in assuming that using something along the lines of:
$redirect_url = $_SERVER['REQUEST_URI'];for login redirection would be something akin to bending over and waiting patiently? 
Is there any way to parse/use that safely, so that if http_referer isn't set, there is some way to forward them to the page they actually requested, after login?
Cheers.
It actually isn't as bad as you think 
It's more of an issue for XSS/SQL inject, since I can put quotes, HTML, etc into the request URI. However, I don't think you can redirect people to arbitrary sites that way.
But I don't think REQUEST_URI is what you're looking for. That's data on the current page, not on any referring page. If you want to see how 1.3 deals with the issue, check out the prev_url column in the online table.
But I don't think REQUEST_URI is what you're looking for. That's data on the current page, not on any referring page. If you want to see how 1.3 deals with the issue, check out the prev_url column in the online table.
Just had a quick peek at 1.3. 
Looks like it would be fairly painless to backport that? Am I correct in assuming, from my quick code browsing session, that it's placed into the pun_user array, so would also be of use elsewhere inplace of that javascript back link used in 1.2? (That thing is my bane for true XML validity).
Exactly
Cheers. Guess what my task is for the next hour or two.
PunBB Forums → Programming → Using request_uri safely
Powered by PunBB, supported by Informer Technologies, Inc.