[snip]
Currently I'm building a small application for internal office use but I'd like to get some feedback on a certain aspect of it. When someone tries to access a page they do not have access to, they are redirected to the login page with the URL they tried to access in the query string. This URL is then snuck into the login form as a hidden variable (called 'nexturl') so they can be sent back to the page they came from after a successful login. I can see this happening when someone bookmarks one of their own pages and then tries to go directly there after their session has ended. Instead of making them navigate all the way back to that page I figure I'll just send them directly.

My question for the list is: Are there any validation checks I should do on the 'nexturl' variable before it is used as a redirect? The only situation I can come up with where this could be exploited is if someone sends a malicious URL through email to another employee, the intention of course being that after they successfully log in they will be redirected to the desired URL.

Are there any "best practices" for this kind of thing? Would it be enough to verify that the page being redirected to is within my own domain?
[/snip]

You could always make the value a session variable and then use location to redirect. That way the URL is hidden from the user and would prevent others from spoofing.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
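The check the original poster asks about, as an added example (not code from either poster): a PHP function that reduces 'nexturl' to a path on this application before it is used in a `Location:` header, rejecting other hosts, scheme-relative `//host` values, header-injection characters and non-HTTP schemes. `APP_HOST` and the sample values are constructed placeholders, not anything from the post.

```php
<?php
declare(strict_types=1);

// Constructed placeholder for the hostname the office application is served from.
const APP_HOST = 'intranet.example';

// Return a redirect target that is always a path on this application.
// Anything that cannot be proven local falls back to $default.
function safe_next_url(?string $candidate, string $default = '/'): string
{
    if ($candidate === null || $candidate === '') {
        return $default;
    }
    // CR/LF would inject extra headers into the Location: response;
    // some browsers treat a backslash as a forward slash, so reject it too.
    if (preg_match('/[\x00-\x1F\x7F\\\\]/', $candidate)) {
        return $default;
    }
    $parts = parse_url($candidate);
    if ($parts === false) {
        return $default;
    }
    // An absolute URL is only acceptable if it points at exactly this host
    // over http(s), with no user-info (http://APP_HOST@other.example/ tricks).
    if (isset($parts['scheme']) || isset($parts['host'])) {
        $scheme = strtolower($parts['scheme'] ?? '');
        if (!in_array($scheme, ['http', 'https'], true)
            || strtolower($parts['host'] ?? '') !== APP_HOST
            || isset($parts['user']) || isset($parts['pass'])) {
            return $default;
        }
    }
    $path = $parts['path'] ?? '';
    // Require a single leading slash: a path starting with '//' is read by
    // browsers as a different host, and relative paths depend on the login URL.
    if ($path === '' || $path[0] !== '/' || (isset($path[1]) && $path[1] === '/')) {
        return $default;
    }
    // Rebuild only path, query and fragment, dropping any scheme/host/port.
    $target = $path;
    if (isset($parts['query']))    { $target .= '?' . $parts['query']; }
    if (isset($parts['fragment'])) { $target .= '#' . $parts['fragment']; }
    return $target;
}

// After a successful login, with the value taken from the hidden form field:
// $next = safe_next_url($_POST['nexturl'] ?? null);
// header('Location: ' . $next, true, 303);
// exit;
```

With these rules `/reports?id=3` and `https://intranet.example/reports` both come back as a local path, while `//other.example/`, `http://intranet.example@other.example/` and `javascript:` values all fall back to `/`. The session-variable approach from the reply still benefits from this check, since the value placed in the session originally came from the query string.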