doudou5421 2011-02-06 21:14
浏览 15
已采纳

这个PHP重定向是不安全的吗?

Hmm I can't really indentify any insecurities but was wondering whether you can, if so how to possibly patch/mend?

Heres the code:

header("Location: http://example.com/search/{$_POST['term']}/{$_POST['type']}");

The site which i'm redirecting too does the validation & sanitization on their side, but what I'm concerned about is - is this redirecting insecure in any way (on my side - seeing as I'm using direct $_POST's).

Appreciate all help.

PS: Just became curious as I've always thought using unsanizited user input is dangerous (or atleast that applies to XSS and SQLi).

  • 写回答

4条回答 默认 最新

  • douzhi2988 2011-02-06 21:22
    关注

    Overall, for most websites running a modern version of PHP, it is secure.

    There are two concerns at hand:

    • A malicious user may be able to trick a victim into unwittingly visiting any page of the form /search/*/* on the site by linking them to a malicious page that POSTs to the page with your redirect. (Note that they are not limited to just two slashes after/search because their POST variables may contain slashes.) This is similar to handing someone a shortened bit.ly URL that redirects them, so it's not too bad.
    • HTTP response splitting. If a malicious user includes newlines (specifically, CRLF / ) within their POST data, they can cause your header() call to output multiple headers, including headers to set cookies, and so on. However, as of PHP 5.1.2 this has been fixed.
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(3条)

报告相同问题?

悬赏问题

  • ¥15 ansys fluent计算闪退
  • ¥15 有关wireshark抓包的问题
  • ¥15 Ubuntu20.04无法连接GitHub
  • ¥15 需要写计算过程,不要写代码,求解答,数据都在图上
  • ¥15 向数据表用newid方式插入GUID问题
  • ¥15 multisim电路设计
  • ¥20 用keil,写代码解决两个问题,用库函数
  • ¥50 ID中开关量采样信号通道、以及程序流程的设计
  • ¥15 U-Mamba/nnunetv2固定随机数种子
  • ¥30 C++行情软件的tick数据如何高效的合成K线