duanjia4969
2009-12-04 11:54

PHP GET navigation

Hi

I use the GET method for navigation on one of my websites. The problem is that some dirty Einstein has created a link that calls another domain:

http://www.mywebsite.com?products=http://www.dirtyeinstein.com?fishform.inc

Is there a script that I can use to block this kind of abuse?

Thank you.


2 answers

  • dongping2023 2009-12-04 11:58
    Accepted

    simply check in your script if the requested page exists, like

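    // allowed get parameters for product
    $whiteList = array(
       'tvs',
       'toys',
    );
    
    // default to an empty string when the parameter is missing
    $menu = $_GET['products'] ?? '';
    
    // strict comparison (third argument) avoids loose type matches
    if (! in_array($menu, $whiteList, true)) {
       // forward to index
    } else {
      // forward to requested page
    }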
    
  • dongqiao8417 2009-12-04 11:59

    Are you using navigation like that?

    http://www.mywebsite.com?products=book.php

    If you are not redirecting anyone out, I mean if you don't use something like

    http://www.mywebsite.com?products=http://www.myanotherdomain.com

    Then just check the string if it starts with "http"

    May help: http://nl2.php.net/manual/en/function.substr.php

    Ex:

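    // default to an empty string when the parameter is missing
    $str = $_GET['products'] ?? '';
    // reject values that begin with "http"
    if (strlen($str) > 4 && substr($str, 0, 4) == "http")
    {
       echo "You dirty Einstein!! Get out!";
       return;
    }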
    
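The two checks from the answers above, side by side, as an added example that is not part of either answer: the request value is used only as a lookup key into a fixed table, and the "http" prefix test is kept for comparison on constructed inputs. It assumes the `products` parameter selects a local page file; the file names, `resolveProductPage()` and `startsWithHttp()` are hypothetical.

```php
<?php
// Added example: allowlist lookup for the ?products= navigation parameter.
// Assumption: each allowed value maps to a local page file (hypothetical names).
const PRODUCT_PAGES = [
    'tvs'  => 'pages/tvs.php',
    'toys' => 'pages/toys.php',
];
const DEFAULT_PAGE = 'pages/index.php';

/**
 * Return the local file for a request parameter, or the default page.
 * The request value is only ever used as an array key, never as a path.
 */
function resolveProductPage($param): string
{
    // ?products[]=x arrives as an array; anything but a string is invalid.
    if (!is_string($param)) {
        return DEFAULT_PAGE;
    }
    // Exact, case-sensitive key match: no prefix or substring logic involved.
    return PRODUCT_PAGES[$param] ?? DEFAULT_PAGE;
}

/** The prefix test from the second answer, kept here only for comparison. */
function startsWithHttp(string $s): bool
{
    return strlen($s) > 4 && substr($s, 0, 4) == "http";
}

// Constructed sample inputs (the first is the link from the question).
$samples = [
    'http://www.dirtyeinstein.com?fishform.inc',
    'HTTP://www.dirtyeinstein.com?fishform.inc', // same link, different case
    ['tvs'],                                     // array instead of a string
    'tvs',
    'radios',                                    // not in the allowlist
];

foreach ($samples as $s) {
    $shown   = is_string($s) ? $s : json_encode($s);
    $blocked = is_string($s) && startsWithHttp($s) ? 'yes' : 'no';
    printf("%-45s prefix check blocks: %-3s allowlist -> %s\n",
        $shown, $blocked, resolveProductPage($s));
}
```

Only `tvs` resolves to its own page; every other input, including the upper-case link that the prefix test lets through, falls back to the default page. In a real script the call would be `resolveProductPage($_GET['products'] ?? null)`.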
