I am going through a current login system and there's a redirect carried out after a successful login simply using header("Location: ".$_POST['url']);. The $_POST['url'] itself is set from the $_GET['url'] parameter in a hidden field when the form is loaded.
As you can see there is an obvious way to hijack the user and maybe even get them to log in to a phishing site.
Is there a foolproof, easy way to prevent hijacking from the $_POST['url']? My initial train of thought would be something like basename() but sometimes the desired page is within a directory, so this would not work.
You should set the redirect URL in the user session, and redirect the user to that URL after the successful login. This way the URL can't be hijacked.
I think the most secure way would be to use only the part after the domain name and make a whitelist of files / directories that are allowed and check against these.
Use parse_url() to get the PHP_URL_PATH and PHP_URL_QUERY parts, and redirect to the relative path.
But it'll be better to store redirect links in the session.
It will be from POST variables using that code, not GET variables. However, neither is any more 'secure' in the sense that both can be faked with relative ease. If you are concerned about the value(s) that might be passed, you will need to validate them in some way. If there is only a small handful of possible URLs, just check if the value is in_array() and redirect to a default location if not.
I'm not sure what you are concerned about happening, though. Couldn't a user just type in any URL in their address bar? What good would it be to redirect yourself to another URL this way? Unless this software relies on HTTP_REFERER for security... which would also not be secure.
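
An added example, not taken from any of the posts above: one way to combine the parse_url() and allow-list suggestions from the answers, falling back to a default page when validation fails. The constant names, the listed paths and the function safe_redirect_target() are assumptions made for illustration.

```php
<?php
// Hypothetical allow-list and fallback for this example; adjust to the application.
const ALLOWED_PATHS = ['/index.php', '/profile.php'];
const ALLOWED_DIRS  = ['/account/', '/orders/'];
const DEFAULT_TARGET = '/index.php';

// Returns a same-site path (plus query) safe for a Location header,
// or DEFAULT_TARGET when the input fails any check.
function safe_redirect_target($url)
{
    // Control characters allow header injection; some browsers treat "\" as "/".
    if (!is_string($url) || preg_match('/[\x00-\x1f\x7f\\\\]/', $url)) {
        return DEFAULT_TARGET;
    }
    // Exactly one leading slash: "//host/..." is protocol-relative.
    if (substr($url, 0, 1) !== '/' || substr($url, 0, 2) === '//') {
        return DEFAULT_TARGET;
    }
    $parts = parse_url($url);
    if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) {
        return DEFAULT_TARGET;
    }
    $path = isset($parts['path']) ? $parts['path'] : '/';
    // A ".." segment (also percent-encoded) would defeat the prefix check below.
    $decoded = rawurldecode($path);
    if (preg_match('#(^|/)\.\.(/|$)#', $decoded)) {
        return DEFAULT_TARGET;
    }
    $allowed = in_array($decoded, ALLOWED_PATHS, true);
    foreach (ALLOWED_DIRS as $dir) {
        $allowed = $allowed || strncmp($decoded, $dir, strlen($dir)) === 0;
    }
    if (!$allowed) {
        return DEFAULT_TARGET;
    }
    return $path . (isset($parts['query']) ? '?' . $parts['query'] : '');
}

// In the login handler: header('Location: ' . safe_redirect_target($_POST['url'] ?? ''));
// Constructed sample inputs, printed with the target each one resolves to.
$samples = ['/account/settings.php?tab=2', 'https://example.org/login',
            '//example.org/login', '/\\example.org', '/account/../admin.php',
            '/unknown.php', "/index.php\r\nX-Test: 1"];
foreach ($samples as $s) {
    echo json_encode($s), ' => ', safe_redirect_target($s), PHP_EOL;
}
```

Only the first sample passes through unchanged; every other one resolves to the default page.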