How to stop this?

**arnage** · 07.02.11, 19:58

For example, user post his link in my guest book. Posted link is coding-talk.com

Open xhtml source of guest book page and u will see:

/index.php?a=going&go=coding-talk.com

Copy-Paste it in ADDRESS BAR of your browser or use Opera option "Copy Link Address" and it looks this:

Code:

http://mysite.rs/index.php?a=going&go=coding-talk.com

Click ENTER it opens coding-talk.com

<<< PROBLEM >>>

In ADDRESS BAR change coding-talk.com WITH google.com:

Code:

http://mysite.rs/index.php?a=going&go=[B]google.com[/B]

Click ENTER it opens google.com

google.com IS NOT POSTED site link in the guest book and this request (added in address bar) must be terminated by calling exit;
----------------------------------------------------

I hope im understandable now.

**eeeh_aarrh** · 07.02.11, 20:16

PHP Code:


$go = $_GET['go']; 

$link = $_GET['linkrow']; 

$getgo = strpos($link, $go); // preg_match also not work 

if ($getgo === true) { 

header('Location: http://'.$go.'/'); 

    exit; 

} 

else { exit; }

Added after 10 minutes:

Where would you get the value of the real url that is supposed to match $go?

**arnage** · 07.02.11, 20:34

Thats what im think problem is and don't know how to define it properly. Im defined it in guest book like:

PHP Code:


$linkrow = array($row[this]);

foreach ($linkrow as $go) {

$go = str_replace('http://', null, $go);

$go = htmlentities($go, ENT_QUOTES);

echo '

<a href="/index.php?a=going&amp;go='.urlencode($go).'"><span class="si_y">'.$go.'</span></a>';

}

**frostymarvelous** · 07.02.11, 21:27

If you want to redirect users to google if they click a link, simply use this at the top of your page

PHP Code:




If (isset($_GET['go'])) // check if the go var is set 

{

header('Location:http://google.com');// redirect to google no matter the url which was posted. No reason to do any checks unless you wish to substitute based on a condition.

exit;//make sure the rest of the code is not run.

}

**arnage** · 07.02.11, 21:39

Originally posted by frostymarvelous View Post

If you want to redirect users to google if they click a link, simply use this at the top of your page

PHP Code:




If (isset($_GET['go'])) // check if the go var is set 

{

header('Location:http://google.com');// redirect to google no matter the url which was posted. No reason to do any checks unless you wish to substitute based on a condition.

exit;//make sure the rest of the code is not run.

}

I don't want that bro.

I used coding-talk.com and google.com links just as an example. This is exactly the problem, read the last line >>>

Originally posted by arnage View Post

For example, user post his link in my guest book. Posted link is coding-talk.com

Open xhtml source of guest book page and u will see:

/index.php?a=going&go=coding-talk.com

Copy-Paste it in ADDRESS BAR of your browser or use Opera option "Copy Link Address" and it looks this:

Code:

http://mysite.rs/index.php?a=going&go=coding-talk.com

Click ENTER it opens coding-talk.com

<<< PROBLEM >>>

In ADDRESS BAR change coding-talk.com WITH google.com:

Code:

http://mysite.rs/index.php?a=going&go=[B]google.com[/B]

Click ENTER it opens google.com

google.com IS NOT POSTED site link in the guest book and this request (added in address bar) must be terminated by calling exit;
----------------------------------------------------

I hope im understandable now.

**frostymarvelous** · 07.02.11, 23:33

Arnages, email me the script. I guess ill better understand it then. Sfroelich01 {at> gmail dot com

**wap2k** · 08.02.11, 06:37

Here is another way

Replace

Code:

$linkrow = array($row[this]);
foreach ($linkrow as $go) {
$go = str_replace('http://', null, $go);
$go = htmlentities($go, ENT_QUOTES);
echo '
<a href="/index.php?a=going&amp;go='.urlencode($go).'"><span class="si_y">'.$go.'</span></a>';
}

With

Code:

$linkrow = array($row[this]);
foreach ($linkrow as $go) {
$go = str_replace('http://', null, $go);
$go = htmlentities($go, ENT_QUOTES);
echo '
<a href="/index.php?a=going&amp;go='.urlencode($go).'&key='.md5(urlencode($go)).'"><span class="si_y">'.$go.'</span></a>';
}

and this

Code:

elseif ($a == 'going') {
$go = $_GET['go']; 

if( !isset($go) || $go == '') { exit; } 
    header('Location: http://'.$go.'/'); 
    exit;
}

with

Code:

elseif ($a == 'going') {
$go = $_GET['go']; 
$key = $_GET["key"];

if($key!==md5($go) || !isset($go) || $go == '') { exit; } 
    header('Location: http://'.$go.'/'); 
    exit;
}

**something else** · 08.02.11, 07:04

I can only guess you are wanting to do this to stop referrer information being passed ? .....
if so its still pointless as you can use any site as referrer very easily eg by posting javascript into your url bar:

PHP Code:


javascript:window.location="http://somesite.con";

or there is a few other ways.

**arnage** · 10.02.11, 17:27

It seems that this is the solution to my problem. Thanks Wap2k! Tomorrow I will try to implement it, for some time I have no internet at home, now I am with relatives.

I didn't know for that Something else, thanks for the info. Going to keep this in mind.

**arnage** · 11.02.11, 19:59

Yap thats it, thanks again.

How to stop this?

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment