Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
mrix
Client


Joined: Dec 04, 2004
Posts: 757

PostPosted: Sun Oct 09, 2005 7:46 am Reply with quote

Hi all, I have 2 members now that have reported errors while posting? one was trying to donate in my paypal block and the other a general post on the forums the error is this

Warning: your browser doesn't send the HTTP_REFERER header to the website.
This can be caused due to your browser, using a proxy server or your firewall.
Please change browser or turn off the use of a proxy
or turn off the 'Deny servers to trace web browsing' in your firewall
and you shouldn't have problems when sending a POST on this website

this is starting to worry me now

any idea`s

Cheers
mrix
 
View user's profile Send private message Visit poster's website
hitwalker
Sells PC To Pay For Divorce


Joined:
Posts: 5661

PostPosted: Sun Oct 09, 2005 9:08 am Reply with quote

this might help..
Only registered users can see links on this board! Get registered or login!

But also read this carefully.. Only registered users can see links on this board! Get registered or login!

and check that with your members.
 
View user's profile Send private message
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17077

PostPosted: Sun Oct 09, 2005 11:17 am Reply with quote

IMO, it needs to be removed because it's causing too many problems for legitimate users. There are MANY legitimate users that MUST use a proxy and this kills them from posting. And, it is not a bug. A simple google search would have shown Quake (or whomever) that the HTTP_REFERER should not be used like this. At the very most, you might "borrow" the logic we use in NukeSentinel:

=============================================================
function get_referer() {
if (isset($_SERVER["HTTP_REFERER"])) {
return $_SERVER["HTTP_REFERER"];
} elseif (isset($HTTP_SERVER_VARS["HTTP_REFERER"])) {
return $HTTP_SERVER_VARS["HTTP_REFERER"];
} elseif (getenv("HTTP_REFERER")) {
return getenv("HTTP_REFERER");
} else {
return "none";
}
}
=============================================================

and if the call comes back "none", send the Admin an email with pertinent information to check out. Just my $.02 Smile
 
View user's profile Send private message
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©