REQUEST and COOKIE

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Seeing the $_REQUEST[] and it is a matrix that has the content of $_GET,
$_POST and $_COOKIE, I think this can be used maliciously into the script.
i.e.:
request1.php
<?php
        setCookie("name","alejandro");
        echo "<script>location.href='request2.php'</script>";
?>

In this case, I'm setting the variable 'name' with value 'Alejandro', then
redirects to request2.php
request2.php
?php
        print_r($_COOKIE);
        echo "<br>";
        print_r($_REQUEST);
        echo "<br>";
        if(@$_REQUEST['name'] == "admin"){
                echo "I am admin";
        }else{
                echo "You can not see this page";
        }
?>

Here's the problem. The variable called 'name' is into REQUEST context, and
this is accessible by GET and POST methods, and it is accessible by the
COOKIE matrix as well. In this case, use Request is unsafe because I can
change the variable called 'name' via GET method and it's give me access as
admin.

Mi question is: I do not see the good practice of using COOKIE values into
of REQUEST, what I mean is that it can become in a programming bug. Also I
could not fin answers anywhere else.

thoughts?
Thanks!

[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux