Discussion:
extracting the file name from the referrer
John
2006-11-17 23:22:30 UTC
I need to extract just the filename from the referring url, stripping it of
the path and any post vars on the end. there's got to be an easier way than
this eh?

$referrer = trim(strrchr(substr($_SERVER['HTTP_REFERER'],0,
strpos($_SERVER['HTTP_REFERER'],"?")), "/"), "/");

Thanks!

-JP
John
2006-11-17 23:54:56 UTC
R> you may want to look at the parse_url and explode functions.

Thanks, I'll look into that

R> you do realize that the referer, should it exist <...>

Good point, thanks for pointing that out. Yes, I was aware of that, but it
didn't come to mind. The security isn't so much an issue as that's already
handled, though if someone has their referrers turned off, it would be a
problem.

I'm trying to establish three things before I do a block of processing

a) a form was submitted
b) a processing flag was previously set to process
c) the form/data being submitted/processed is from the correct page - which
was where the referring url came in.

Any other suggestions or alternatives for c?

-----Original Message-----
From: replies-lists-***@listmail.innovate.net
[mailto:replies-lists-***@listmail.innovate.net]
Sent: Friday, November 17, 2006 5:41 PM
To: John
Subject: Re: [PHP] extracting the file name from the referrer

you may want to look at the parse_url and explode functions.

you do realize that the referer, should it exist, is of questionable
value? with various browsers the user can set it to a value of their
liking or simply turn it off. also various firewall products strip it
out for privacy reasons.


- Rick
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Ivo F.A.C. Fokkema
2006-11-20 08:35:49 UTC
Post by John
R> you may want to look at the parse_url and explode functions.
Thanks, I'll look into that

Also, try basename().

Post by John
R> you do realize that the referer, should it exist <...>
Good point, thanks for pointing that out. Yes, I was aware of that, but it
didn't come to mind. The security isn't so much an issue as that's already
handled, though if someone has their referrers turned off, it would be a
problem.
I'm trying to establish three things before I do a block of processing
a) a form was submitted
b) a processing flag was previously set to process
c) the form/data being submitted/processed is from the correct page - which
was where the referring url came in.
Any other suggestions or alternatives for c?

Well, it depends on how secure you want it to be. You could do:

'<INPUT type="hidden" name="referrer" value="' .
md5(basename($_SERVER['PHP_SELF'])) . '">'

on the form page, and check for the value on the receiving page:

if (empty($_POST['referrer']) || !in_array($_POST['referrer'],
        $list_of_known_md5_pages)) {
    // User is messing with ya!
} else {
    // OK, let 'm through.
}

I would recommend adding a little string to the filename right before it's
md5'ed, as a smart user may quickly figure out
md5(basename($_SERVER['PHP_SELF'])) and forge it.

Ivo
Richard Lynch
2006-11-20 22:44:51 UTC
Post by John
a) a form was submitted
b) a processing flag was previously set to process
c) the form/data being submitted/processed is from the correct page - which
was where the referring url came in.

When you send out the FORM, include a

<INPUT TYPE="HIDDEN" NAME="token" VALUE="[random value here]" />

Store that random token in your $_SESSION or database or have the
squirrels [*] remember it for you.

Then, when they POST, check that they are presenting an existing token
from your $_SESSION, database, or squirrels' nut-store.

[*] Not, like, squirrel mail or anything, but actual squirrels. You know,
like rats with bushy tails. :-)
--
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some starving artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?
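
The hidden-token check suggested in the post above, as an added example that is not code from the thread: the token is stored under the form's name, so it also answers John's point (c) without relying on the referrer. The helper names and the `order.php` / `contact.php` form names are assumptions, and the `$session` array stands in for `$_SESSION`; PHP 7.1 or later is assumed.

```php
<?php
// Added example, not code from the thread. issue_form_token() and
// check_form_token() are hypothetical helper names.

// Form page: create a random token for one named form, remember it server-side.
function issue_form_token(array &$session, string $form): string
{
    $token = bin2hex(random_bytes(32));       // 256 bits from the CSPRNG
    $session['form_tokens'][$form] = $token;  // one outstanding token per form
    return $token;
}

// Receiving page: true only if $posted is the token issued for $form.
function check_form_token(array &$session, string $form, $posted): bool
{
    $expected = $session['form_tokens'][$form] ?? null;
    // Missing field, array-valued field, or nothing issued: reject.
    if (!is_string($expected) || !is_string($posted)) {
        return false;
    }
    if (!hash_equals($expected, $posted)) {   // constant-time comparison
        return false;
    }
    unset($session['form_tokens'][$form]);    // single use: a replay fails
    return true;
}

// Constructed demonstration. In a web request, pass $_SESSION (after
// session_start()) and $_POST['token'] instead of these stand-ins.
$session = [];
$order   = issue_form_token($session, 'order.php');
$contact = issue_form_token($session, 'contact.php');

echo '<input type="hidden" name="token" value="',
     htmlspecialchars($order, ENT_QUOTES), '">', "\n";

$cases = [
    'token from another form' => $contact,
    'no token field'          => null,
    'token for this form'     => $order,
    'same token replayed'     => $order,
];
foreach ($cases as $label => $posted) {
    $ok = check_form_token($session, 'order.php', $posted);
    echo $label, ': ', $ok ? 'accept' : 'reject', "\n";
}
```

Unlike an md5 of the file name, the value is unpredictable and tied to one session, so knowing the page name does not let a client produce it.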
Richard Lynch
2006-11-20 22:41:52 UTC
http://php.net/parse_url

Post by John
I need to extract just the filename from the referring url, stripping it of
the path and any post vars on the end. there's got to be an easier way than
this eh?
$referrer = trim(strrchr(substr($_SERVER['HTTP_REFERER'],0,
strpos($_SERVER['HTTP_REFERER'],"?")), "/"), "/")
Thanks!
-JP