Re: Double click problem

On Thu, Mar 20, 2008 at 10:39 AM, Lamp Lists <lamp.lists@xxxxxxxxx> wrote:
> the way I solved the "click back button" issue (simplified version):
>
>  confirmation page (conf.php) -> transfer page (tp.php) -> thank you page (typ.php)
>
>  #conf.php
>  # after the form is submitted and confirmed
>  header('location: tp.php?url=typ.php');
>  exit;
>
>  #tp.php
>  header('location: ' . $_GET['url']);
>  exit;
>
>  and, if visitor clicks on back button on thankyou page he will go actually to the transfer page - which will send him back to thankyou page
>  ;)
>
>  -ll
>
>
>
>
>
>  ----- Original Message ----
>  From: tedd <tedd.sperling@xxxxxxxxx>
>  To: php-general@xxxxxxxxxxxxx
>  Sent: Wednesday, March 19, 2008 11:43:06 AM
>  Subject: Re:  Double click problem
>
>  At 4:19 PM +0000 3/19/08, Richard Heyes wrote:
>  >tedd wrote:
>  >// ...
>  >
>  >Your first (and the quickest by far) method to employ would be to
>  >disable the submit button using Jabbascript when the form is
>  >submitted. That will stop the vast majority of occurrences. You
>  >could also employ an intermediary page which actually does the card
>  >processing and when complete redirects to the "thank you" page. ie.
>  >
>  >    Form --> "Please wait..." page --> "Thank you" page
>
>  That's in place. The person clicks the "confirm purchase" and they
>  are taken to a "confirm and thank you page".
>
>  The problem here is twofold -- 1) clicking the "confirm
>  purchase" button twice, which I think js will stop; 2) and clicking
>  the back-button which the token should stop.
>
>  Now, I just need to develop a test for this. Sometimes writing a test
>  is more of a problem than writing the solution.
>
>  Thanks for everyone's help.
>
>  Cheers,
>
>  tedd
>
>
>  --
>  -------
>  http://sperling.com  http://ancientstones.com  http://earthstones.com
>
>  --
>  PHP General Mailing List (http://www.php.net/)
>  To unsubscribe, visit: http://www.php.net/unsub.php
>

Allowing unscrubbed user data in a header is a really bad idea.

- http://en.wikipedia.org/wiki/HTTP_response_splitting
- http://www.owasp.org/index.php/Open_redirect
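
A hardened form of the quoted tp.php, given here as an added example that is not code from the thread: the request carries a short key that is looked up in a server-side list, so no request data is copied into the Location header. The `to` parameter, the `thanks` key and the `/index.php` fallback are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);

// Server-side allow-list (assumed keys and paths): the client sends a short
// key, never a URL, so no request data reaches the Location header.
const REDIRECT_TARGETS = ['thanks' => '/typ.php'];
const DEFAULT_TARGET   = '/index.php'; // hypothetical fallback page

/** Map a client-supplied key to a fixed local path; anything else gets the default. */
function resolveRedirect($key): string
{
    // ?to[]=x arrives as an array; only a known string key is accepted.
    if (!is_string($key) || !array_key_exists($key, REDIRECT_TARGETS)) {
        return DEFAULT_TARGET;
    }
    return REDIRECT_TARGETS[$key];
}

if (PHP_SAPI === 'cli') {
    // Constructed inputs: one valid key, then the kinds of value the quoted
    // tp.php would have handed to header() unchanged.
    $samples = [
        'thanks',                    // expected use
        'typ.php',                   // a path instead of a key
        'https://other.example/',    // off-site URL (open redirect)
        "typ.php\r\nX-Injected: 1",  // CR/LF in the value (response splitting)
        ['thanks'],                  // array parameter
    ];
    foreach ($samples as $sample) {
        printf(
            "%-32s -> %s\n",
            json_encode($sample, JSON_UNESCAPED_SLASHES),
            resolveRedirect($sample)
        );
    }
} else {
    // conf.php would redirect to tp.php?to=thanks instead of tp.php?url=typ.php
    header('Location: ' . resolveRedirect($_GET['to'] ?? null));
    exit;
}
```

Run from the command line, the script prints the destination chosen for each constructed input; served by a web server, it performs the redirect.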
