php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #31507 HTTP_REFERER missing this
Submitted: 2005-01-12 04:24 UTC Modified: 2005-01-12 05:22 UTC
From: motion_4u at hotmail dot com Assigned:
Status: Not a bug Package: URL related
PHP Version: 4.3.10 OS: all
Private report: No CVE-ID: None
 [2005-01-12 04:24 UTC] motion_4u at hotmail dot com
Description:
------------
I see that there is a misunderstanding issue regarding the HTTP_REFERER.
Please read thoroughly before you will automatically paste the phrase ?but it is not a php bug?? 
It is not a bug, it is only a very important missing option.

You have received hundreds of bug reports regarding the referrer and argument it that the problem is definitely due to the blocked communication of the browser since the REFERRER is returned from the browser.
Here, there is something very important that you have neglected.
Not only the browser calls a page. the server does it too!
For example, what is the value of the HTTP_REFERER of an included in another one? 
There are many situations that a PHP file is included in another PHP file before it is parsed and sent to the browser. In this case the HTTP_REFERER  is very well known by the SEVER or better to say by PHP! An included file MUST update the header with the URL of the caller which is already there.
It might seem something not important but if someone would like to make sure that only one file is allowed to call and include another php file on the server, the only way to verify it is to call the HTTP_REFERER and check who called this file. Incase that it happens on the server the HTTP_REFERER  must contain the URL.


Example:

A PHP file [referrer.php] includes a hidden value from the [hiddenphpfile.php]
file. The [hiddenphpfile.php] would return the hidden value only if the referrer is known
WHO IS THE REFERRER IN THIS CASE????
Yes, we all know that the file [referrer.php] is the referrer but PHP doesn?t know it and the value of the $referrer stays NOTHIG with your argumentation that the browser didn?t return anything. 
I hope that I could explain it better.

[FILENAME: hiddenphpfile.php]

$referrer=getenv('HTTP_REFERER');
if($referrer==?http://myurl/mypage.php?)
{
 return (? $SomeHiddenValue?); 
}


[FILENAME referrer.php]

$ref=include "refer.php";
echo $ref;


Reproduce code:
---------------
[FILENAME: hiddenphpfile.php]

$referrer=getenv('HTTP_REFERER');
if($referrer==?http://myurl/mypage.php?)
{
 return (? $SomeHiddenValue?); 
}


[FILENAME referrer.php]

$ref=include "refer.php";
echo $ref;


Expected result:
----------------
recieve the referrer value
incase that including a php file within another one.

Actual result:
--------------
nothing

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-01-12 05:22 UTC] jed@php.net
Sorry, but your problem does not imply a bug in PHP itself.  For a
list of more appropriate places to ask for help using PHP, please
visit http://www.php.net/support.php as this bug system is not the
appropriate forum for asking support questions. 

Thank you for your interest in PHP.

This has nothing to do with PHP at all.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Oct 31 23:01:28 2024 UTC