Any security issues with $_SERVER['REQUEST_URI'] and header('location: ...');

My site has a header, footer and main content. If the user is not logged in, a login form may be displayed for the main content instead of the actual content.

In this login form, I write $_SERVER['REQUEST_URI'] into a session variable $_SESSION['redirect'].

My post handler for the registration form, which the user logs in through, will send the user after successfully logging in to this link via header('location: http://myserver.com'.$_SESSION['redirect']);

So, if I go to myserver.com/somesite.php?somevar=10, it will show the correct site if you are logged in. Otherwise, it will display the login form; however, the URL in the address bar of the browser still says myserver.com/somesite.php?somevar=10. Then you enter your credentials and you are redirected to myserver.com/somesite.php?somevar=10, which then, after you are logged in, is displayed completely.

I do not use the value of REQUEST_URI for the form action or as a href link.

Also, any $_GET variables that I use, I first check to see if they match a regular expression (usually a sha1 string or a randomly generated string of numbers and letters, without special characters), and I always use prepared statements if the GET variable is used in the DB request.

My question is, are there any security issues with this? Any ways to use this, enter something malicious in the URL, and then send it to another user, for example...? Should I somehow avoid something in this process?

+5
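One way to harden the flow described in the question, written here as an added example in PHP (not the asker's code): the stored REQUEST_URI is reduced to a same-host path and query before it is ever placed into a Location header. The function names, the fallback path '/' and the https base URL are assumptions.

```php
<?php
// Added example, not from the original post. Validates a REQUEST_URI value
// before it is stored in the session and echoed into a Location header.
// Function names and the fallback path '/' are assumptions.

function safe_redirect_target(string $uri, string $fallback = '/'): string
{
    // Must be an absolute path on this host: exactly one leading slash.
    // '//other.example' is a protocol-relative URL; some browsers treat
    // '/\other.example' the same way, so both are rejected.
    if ($uri === '' || $uri[0] !== '/' || preg_match('#^/[/\\\\]#', $uri)) {
        return $fallback;
    }
    // Control characters (CR, LF, NUL) must never reach a response header.
    if (preg_match('/[\x00-\x1f\x7f]/', $uri)) {
        return $fallback;
    }
    // parse_url() must see only a path and query: no scheme, host or user info.
    $parts = parse_url($uri);
    if ($parts === false || isset($parts['scheme']) || isset($parts['host'])
        || isset($parts['user'])) {
        return $fallback;
    }
    // Rebuild from the parsed pieces so nothing else (e.g. a fragment) leaks through.
    $path  = $parts['path'] ?? '/';
    $query = isset($parts['query']) ? '?' . $parts['query'] : '';
    return $path . $query;
}

// Where the login form is shown instead of the requested content:
function remember_requested_page(): void
{
    $_SESSION['redirect'] = safe_redirect_target($_SERVER['REQUEST_URI'] ?? '/');
}

// In the login POST handler, after the credentials have been verified.
// The base URL is an assumption (https rather than the http used in the question).
function redirect_after_login(string $base = 'https://myserver.com'): void
{
    $target = safe_redirect_target($_SESSION['redirect'] ?? '/');
    unset($_SESSION['redirect']);   // one-time use
    session_regenerate_id(true);    // fresh session id after the privilege change
    header('Location: ' . $base . $target, true, 303);
    exit;                           // nothing after a redirect should keep running
}
```

Validating again in redirect_after_login() means a session value that was stored by older, unvalidated code is still checked before use.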
4 answers

The key rule is that you always check your inputs / outputs and see what you can and cannot control (and therefore what can be controlled by the user). Based on this, you apply safety / sanitization measures.

, , . , , , $_SERVER['request_uri'] ( ).

, , , , . , . @Wayne , , , .

, $_GET, $_SERVER['request_uri']. . , , , request_uri html_entities() - . , , ../, // ./, , html_entities()

: - - ? - , , .

------ EDIT @12-12-2013 -----

( , , , )

PHP:

$_SERVER['REQUEST_URI']: The URI which was given in order to access this page;
                         for instance, '/index.html'.

, , yourdomain.com/posts/post.php?../../../ssh, webapp , , post.php?../../../ssh , URL-. - ../../../ssh post.php, ssh, -. SSH-. , - - . , - URL.

, http-, chrooting .. , , , , .

$_SERVER['request_uri'] , , , . , () PHP, , .

, , .

- : , header('location'... , : PHP ? , . , : urlencode()

+3

. / , , ... , .

, , , , , . script . - SQL- . , , .

- HTTP, script, Super Global, , . , script, , , .

google php , : http://www.noupe.com/php/php-security-tips.html

+1

100% . OWASP Top Ten. .

, ( ), $_SESSION, $_SERVER['REQUEST_URI']. REQUEST_URI GET POST ( ), . URI, , .

+1

URL-, , , , , . , URI, URI, . , PHP . , PHP:

4.4.2 5.1.2. .

traversal , , , . , location, . , , , , , location .

exit , , HTTP: -

<html>
<?php
/* This will give an error. Note the output
 * above, which is before the header() call */
header('Location: http://www.example.com/');
exit;
?>

I cannot comment on every vulnerability of your site, but essentially the way you offer redirects should be safe. However, you must make sure that your site is accessible only through HTTPS, which will encrypt the connection and ensure that it is safe from MITM attacks. You should also set the secure flag on your session cookie to make sure that it cannot be leaked over a connection without HTTPS.

0
