douwei8672
2015-02-06 00:55

Putting unprocessed data into the header() function

  • security
  • php
  • header
Accepted

Am I leaving my site vulnerable to attack by not filtering data inside a header redirect?

For example:

    $foo = $_GET['foo'];
    header("Location: /bar.php?foo=$foo");
    die();

If the answer is yes, what types of attacks are they, and is simply escaping the data with htmlentities a viable solution?

    $foo = $_GET['foo'];
    $foo = htmlentities($foo);
    header("Location: /bar.php?foo=$foo");
    die();

1 answer

  • dqlxtv1452, 6 years ago

    URL parameters are not executed, so you're not opening yourself up to attack. However, failing to encode the data may cause the parameter to be interpreted incorrectly. You should use urlencode():

    $foo = urlencode($foo);
    header("Location: /bar.php?foo=$foo");
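The following is an added example, not code from the question or the answer above. It builds the Location value three ways (raw, htmlentities(), and http_build_query(), which applies urlencode() to every key and value) and then parses each result the way PHP fills $_GET on /bar.php, so the difference is visible: a raw value containing `&` or `#` is split into extra parameters or truncated, htmlentities() turns `&` into `&amp;` and so creates a bogus `amp;...` parameter, and only the URL-encoded form arrives intact. The sample values in $inputs are constructed for the demonstration. As a caveat on the "attacks" part of the question: since PHP 5.1.2 header() refuses a value that contains a newline, so the classic CRLF header-injection concern is blocked by the runtime itself; what remains is the parameter confusion shown here, which is a correctness and authorization-logic risk rather than code execution.

```php
<?php
// Added example (not the original poster's code): compare how the three
// ways of building the redirect are received by /bar.php.

// 1. Exactly what the question does: interpolate the raw value.
function rawRedirect(string $foo): string
{
    return "/bar.php?foo=$foo";
}

// 2. The question's proposed fix: HTML-escape the value.
function htmlRedirect(string $foo): string
{
    return "/bar.php?foo=" . htmlentities($foo, ENT_QUOTES, 'UTF-8');
}

// 3. The answer's fix: URL-encode the value. http_build_query() runs
//    urlencode() over each key and value, so it is safe for any input.
function encodedRedirect(string $foo): string
{
    return "/bar.php?" . http_build_query(['foo' => $foo]);
}

// Parse a Location value the way PHP would populate $_GET for the target
// page: split off the query string, then decode it with parse_str().
function receivedParams(string $location): array
{
    $query = parse_url($location, PHP_URL_QUERY);
    $params = [];
    if (is_string($query)) {
        parse_str($query, $params);
    }
    return $params;
}

// Constructed sample inputs; the 'amp' case shows an extra parameter being
// smuggled in, the 'hash' case shows the value being cut at the fragment.
$inputs = [
    'plain' => 'hello',
    'amp'   => 'a&admin=1',
    'hash'  => 'x#y',
    'space' => 'two words',
];

foreach ($inputs as $label => $foo) {
    $variants = [
        'raw'              => rawRedirect($foo),
        'htmlentities'     => htmlRedirect($foo),
        'http_build_query' => encodedRedirect($foo),
    ];
    foreach ($variants as $method => $location) {
        printf(
            "%-6s %-16s %-30s %s\n",
            $label,
            $method,
            $location,
            json_encode(receivedParams($location))
        );
    }
}
```

Run it with `php example.php`. For the 'amp' input the raw variant yields two parameters, foo=a and admin=1, which is exactly the kind of unintended parameter a downstream script might act on; the htmlentities variant yields foo=a plus a meaningless `amp;admin` key; the http_build_query variant yields a single foo parameter whose value is the original string. In a real handler, also keep the path part of the Location fixed (as the question already does) rather than taking it from the request, so the redirect target itself cannot be steered elsewhere.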