php and javascript redirect

Question

Hi in a simple page i use php and javascript redirect to return to referrer page.

header("Location: $refererScript");

onclick="window.location.href='<?=$refererScript?>';"

Which is the best way to protect those scripts from generate errors:

Ex. should i use urlencode for $refererScript (or at least for query string ) and if so will this acceptable from javascript or must use escape (or something else)

For $refererScript i use the code above

$ref=$_SERVER["HTTP_REFERER"];
$refererParts = parse_url($_SERVER['HTTP_REFERER']);
$refererQuery=$refererParts["query"];
$refererFolders=explode("/",$refererParts["path"]);
$refererScript=$refererFolders[sizeof($refererFolders)-1];
if($refererQuery!="")
{ $refererScript.="?".$refererQuery; }

Thanks

Sarfraz · Accepted Answer · 2010-02-15 08:14:46Z

3

I would suggest you to use php header approach because if javascript is disabled, then there will be no redirect and you should url encode it eg:

$refererScript = urlencode($refererScript);
header("Location: $refererScript");

answered Feb 15, 2010 at 8:14

Sarfraz

384k81 gold badges561 silver badges613 bronze badges

Sign up to request clarification or add additional context in comments.

2 Comments

ntan Over a year ago

Thanks, JavaScript redirect is necessary too.

Sarfraz Over a year ago

and there are ways to detect whether javascript is enabled or not on user's browser

Petr Peller · Accepted Answer · 2010-02-15 08:16:45Z

0

In the $_SERVER["HTTP_REFERER"]; should be already valid URL. If not, someone changed it manually and will get redirected to the wrong page.

I don't see any security risks here. Your code is fine.

answered Feb 15, 2010 at 8:16

Petr Peller

8,86610 gold badges55 silver badges66 bronze badges

Collectives™ on Stack Overflow

php and javascript redirect

2 Answers 2

2 Comments

Comments

Your Answer

Hot Network Questions

Collectives™ on Stack Overflow

2 Answers 2

2 Comments

Comments

Your Answer

Sign up or log in

Post as a guest

Related