PHP :: Bug #31507 :: HTTP_REFERER missing this

Bug #31507	HTTP_REFERER missing this
Submitted:	2005-01-12 04:24 UTC	Modified:	2005-01-12 05:22 UTC
From:	motion_4u at hotmail dot com	Assigned:
Status:	Not a bug	Package:	URL related
PHP Version:	4.3.10	OS:	all
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	motion_4u at hotmail dot com
New email:
PHP Version:		OS:

New Comment:

[2005-01-12 04:24 UTC] motion_4u at hotmail dot com

Description:
------------
I see that there is a misunderstanding issue regarding the HTTP_REFERER.
Please read thoroughly before you will automatically paste the phrase ?but it is not a php bug?? 
It is not a bug, it is only a very important missing option.

You have received hundreds of bug reports regarding the referrer and argument it that the problem is definitely due to the blocked communication of the browser since the REFERRER is returned from the browser.
Here, there is something very important that you have neglected.
Not only the browser calls a page. the server does it too!
For example, what is the value of the HTTP_REFERER of an included in another one? 
There are many situations that a PHP file is included in another PHP file before it is parsed and sent to the browser. In this case the HTTP_REFERER  is very well known by the SEVER or better to say by PHP! An included file MUST update the header with the URL of the caller which is already there.
It might seem something not important but if someone would like to make sure that only one file is allowed to call and include another php file on the server, the only way to verify it is to call the HTTP_REFERER and check who called this file. Incase that it happens on the server the HTTP_REFERER  must contain the URL.


Example:

A PHP file [referrer.php] includes a hidden value from the [hiddenphpfile.php]
file. The [hiddenphpfile.php] would return the hidden value only if the referrer is known
WHO IS THE REFERRER IN THIS CASE????
Yes, we all know that the file [referrer.php] is the referrer but PHP doesn?t know it and the value of the $referrer stays NOTHIG with your argumentation that the browser didn?t return anything. 
I hope that I could explain it better.

[FILENAME: hiddenphpfile.php]

$referrer=getenv('HTTP_REFERER');
if($referrer==?http://myurl/mypage.php?)
{
 return (? $SomeHiddenValue?); 
}


[FILENAME referrer.php]

$ref=include "refer.php";
echo $ref;


Reproduce code:
---------------
[FILENAME: hiddenphpfile.php]

$referrer=getenv('HTTP_REFERER');
if($referrer==?http://myurl/mypage.php?)
{
 return (? $SomeHiddenValue?); 
}


[FILENAME referrer.php]

$ref=include "refer.php";
echo $ref;


Expected result:
----------------
recieve the referrer value
incase that including a php file within another one.

Actual result:
--------------
nothing

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2005-01-12 05:22 UTC] jed@php.net

Sorry, but your problem does not imply a bug in PHP itself.  For a
list of more appropriate places to ask for help using PHP, please
visit http://www.php.net/support.php as this bug system is not the
appropriate forum for asking support questions. 

Thank you for your interest in PHP.

This has nothing to do with PHP at all.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Fri Oct 24 12:00:01 2025 UTC