Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

zniekształcony HTTP_REFERER

4 views
Skip to first unread message

Jivanmukta

unread,
Aug 18, 2016, 9:20:23 AM8/18/16
to
Zapisuję (w CodeIgniterze) do tabeli z kolumną varchar(200) wartość
pobraną z $_SERVER['HTTP_REFERER'] i mam w bazie napis:
http //localhost/~robert/announcement?XDEBUG_SESSI
tzn. bez dwukropka i z obciętym stringiem. Żadnych operacji
stringowych nie robię.
Niestety problem występuje bardzo rzadko i nie udało mi się tego
odtworzyć podczas debugowania. Prawie zawsze mój HTTP_REFERER jest OK.
Czy macie pomysł jaki może być powód takiego dziwoląga?

J.O. Aho

unread,
Aug 18, 2016, 1:37:41 PM8/18/16
to
As my Polish suxx, not sure if I have misunderstood you, just tell me if so.

The HTTP_REFERER always depends on the settings on the browser,
depending on the browser you may allow referer within a domain, over
domains and to disable it completely.

It's also easy to spoof, so do never expect to have a referer and if you
have one, never trust it.

--

//Aho

Thomas 'PointedEars' Lahn

unread,
Aug 18, 2016, 11:55:18 PM8/18/16
to
comp.lang.php Warning: Bad 'Path' origin in - on line 1. Further output may
be affected. See <http://news.aioe.org/index.php?id=complaints#d4> for
details.

Jivanmukta wrote:
^^^^^^^^^^
comp.lang.php Notice: No real name in - on line 2. Further output may be
affected.

comp.lang.php DEBUG: pl
locale: Cannot set LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory
comp.lang.php DEBUG: bool(false)

> Zapisuję (w CodeIgniterze) do tabeli z kolumną varchar(200) wartość
> pobraną z $_SERVER['HTTP_REFERER'] i mam w bazie napis:
> http //localhost/~robert/announcement?XDEBUG_SESSI
> tzn. bez dwukropka i z obciętym stringiem. Żadnych operacji
> stringowych nie robię. […]

comp.lang.php Warning: Not a PHP question in - on line 18. Go to
<https://www.codeigniter.com/community/> instead.

comp.lang.php Fatal error: No smart question, unexpected end of file in -
on line 26. See <http://catb.org/esr/faqs/smart-questions.html> for details.

--
PointedEars
Zend Certified PHP Engineer
<http://www.zend.com/en/yellow-pages/ZEND024953> | Twitter: @PointedEars2
Please do not cc me. / Bitte keine Kopien per E-Mail.

Jerry Stuckle

unread,
Aug 19, 2016, 12:07:47 AM8/19/16
to
On 8/18/2016 11:54 PM, Thomas 'PointedEars' Lahn wrote:


comp.lang.php Warning: Troll alert. Disregard all input past this point.

> comp.lang.php Warning: Bad 'Path' origin in - on line 1. Further output may
> be affected. See <http://news.aioe.org/index.php?id=complaints#d4> for
> details.
>
> Jivanmukta wrote:
> ^^^^^^^^^^
> comp.lang.php Notice: No real name in - on line 2. Further output may be
> affected.
>
> comp.lang.php DEBUG: pl
> locale: Cannot set LC_MESSAGES to default locale: No such file or directory
> locale: Cannot set LC_ALL to default locale: No such file or directory
> comp.lang.php DEBUG: bool(false)
>
>> Zapisuję (w CodeIgniterze) do tabeli z kolumną varchar(200) wartość
>> pobraną z $_SERVER['HTTP_REFERER'] i mam w bazie napis:
>> http //localhost/~robert/announcement?XDEBUG_SESSI
>> tzn. bez dwukropka i z obciętym stringiem. Żadnych operacji
>> stringowych nie robię. […]
>
> comp.lang.php Warning: Not a PHP question in - on line 18. Go to
> <https://www.codeigniter.com/community/> instead.
>
> comp.lang.php Fatal error: No smart question, unexpected end of file in -
> on line 26. See <http://catb.org/esr/faqs/smart-questions.html> for details.
>

comp.lang.php: Fatal error: Post has nothing to do with PHP nor the OPs
question. It is just more noise from "Pointed Head".

--
==================
Remove the "x" from my email address
Jerry Stuckle
jstu...@attglobal.net
==================

Jivanmukta

unread,
Aug 19, 2016, 2:39:30 AM8/19/16
to
Thanks
Sorry for my mistake, I wanted to write to pl.comp.lang.php

R.Wieser

unread,
Aug 19, 2016, 4:29:10 AM8/19/16
to

> comp.lang.php: Fatal error: Post has nothing to do with
> PHP nor the OPs question. It is just more noise from
> "Pointed Head".

Yeah, funny that, aint it ? Someone who complains about people not obeying
rules who's, by that complaining, not obeying the very same rules himself
...

But I'm sure that if you would ask him he would come up with *some* reason
why *he* is allowed to do so, while none else is ...


> comp.lang.php Warning: Troll alert.

I think you are hurting the feeling of trolls here. :-) *They* normally
know very well they are out to provoke a reaction by deliberatily
misrepresenting stuff.


> > comp.lang.php Notice: No real name in - on line 2.
> > Further output may be affected.

(warning: above "quoted" reference to 'line 2' is *not* part of the OPs
message. Deliberate misrepresentation ? Should we worry about the
intentions of the quotee ?)

And this is really a kicker. Somehow our "pointed ears" fellow here sees
no problem with munging is own name, but reserves the right to complain his
ass off when he thinks he sees others do the same ...

... and if I would have to make a guess the OP's name is "Jivan mukta". In
short, all that misses is a space character. A far cry from *deliberatily*
inserting some "funny self-reference" into his own, aint it ?


In short, we've got some "special" person here (and yes, that ' "special"
person' is an eufemism) who thinks he should point out other peoples flaws,
while staying (forcefully?) oblivious to his own. :-)


Oh well, if he starts to annoy me enough I'll just redirect his messages to
the "round archive". He's the very kind of person blacklists are invented
for. :-)

Rudy Wieser

-- Origional message:
Jerry Stuckle <jstu...@attglobal.net> schreef in berichtnieuws
np60me$rob$1...@jstuckle.eternal-september.org...
> On 8/18/2016 11:54 PM, Thomas 'PointedEars' Lahn wrote:
>
>
> comp.lang.php Warning: Troll alert. Disregard all input past this point.
>
> > comp.lang.php Warning: Bad 'Path' origin in - on line 1. Further output
may
> > be affected. See <http://news.aioe.org/index.php?id=complaints#d4> for
> > details.
> >
> > Jivanmukta wrote:
> > ^^^^^^^^^^
> > comp.lang.php Notice: No real name in - on line 2. Further output may
be
> > affected.
> >
> > comp.lang.php DEBUG: pl
> > locale: Cannot set LC_MESSAGES to default locale: No such file or
directory
> > locale: Cannot set LC_ALL to default locale: No such file or directory
> > comp.lang.php DEBUG: bool(false)
> >
> >> Zapisuje (w CodeIgniterze) do tabeli z kolumna varchar(200) wartosc
> >> pobrana z $_SERVER['HTTP_REFERER'] i mam w bazie napis:
> >> http file://localhost/~robert/announcement?XDEBUG_SESSI
> >> tzn. bez dwukropka i z obcietym stringiem. Zadnych operacji
> >> stringowych nie robie. [.]

Matthew Carter

unread,
Aug 19, 2016, 4:19:12 PM8/19/16
to
Thomas 'PointedEars' Lahn <Point...@web.de> writes:

> comp.lang.php Warning: Bad 'Path' origin in - on line 1. Further output may
> be affected. See <http://news.aioe.org/index.php?id=complaints#d4> for
> details.
>
> Jivanmukta wrote:
> ^^^^^^^^^^
> comp.lang.php Notice: No real name in - on line 2. Further output may be
> affected.
>
> comp.lang.php DEBUG: pl
> locale: Cannot set LC_MESSAGES to default locale: No such file or directory
> locale: Cannot set LC_ALL to default locale: No such file or directory
> comp.lang.php DEBUG: bool(false)
>
>> Zapisuję (w CodeIgniterze) do tabeli z kolumną varchar(200) wartość
>> pobraną z $_SERVER['HTTP_REFERER'] i mam w bazie napis:
>> http //localhost/~robert/announcement?XDEBUG_SESSI
>> tzn. bez dwukropka i z obciętym stringiem. Żadnych operacji
>> stringowych nie robię. […]
>
> comp.lang.php Warning: Not a PHP question in - on line 18. Go to
> <https://www.codeigniter.com/community/> instead.
>
> comp.lang.php Fatal error: No smart question, unexpected end of file in -
> on line 26. See <http://catb.org/esr/faqs/smart-questions.html> for details.

Haha

--
Matthew Carter (m...@ahungry.com)
http://ahungry.com
0 new messages