2

I am reading a script but am stuck on understanding this:

$redirect = base64_decode($_REQUEST['redirect']);
header("Location:$redirect");exit;

because the redirect variable in REQUEST isn't defined anywhere in the script. Prior to this a POST form has been filled in, but there is NO mention of the redirect variable anywhere in the script so I am confused how it is not empty...

EDIT:

Here's the form code below. Btw, like I said, the word 'redirect' doesn't appear ANYWHERE in the script, which is what is confusing me.

        <form name="login" action="{$baseurl}/login" method="post">
            {$lang12}
            <input type="text" name="username" />
            {$lang11}
            <input type="password" name="password" />
            <input type="submit" value="{$lang18}" />
            <div class="test"><a href="{$baseurl}/signup"><b>{$lang30}</b></a> - <a href="{$baseurl}/password">{$lang19}</a></div>
            <input type="hidden" name="authenticate" value="1" />
        </form>
        </div>

The $lang stuff is commonly appearing words from an array, e.g. login, etc.

1
  • Post a link to the full script, please. Commented Aug 18, 2010 at 22:47

4 Answers

1

I don't think this is possible to answer for certain without seeing the actual code, but $_REQUEST holds all the variables in $_GET, $_POST and $_COOKIE.

A form can actually populate both $_GET and $_POST if its method is set to 'post' and its action is a URL with URL-encoded variables. Thus the form might be posting all of its data to a URL and then adding GET variables to the end of that URL. For example:

<form method='post' action='example.php?var=test'>
    <input name='var2' id='var2' />
</form>

If that form were submitted, the following would be defined: $_POST['var2'], $_GET['var'], $_REQUEST['var2'], $_REQUEST['var'].

$_COOKIE could also be putting hidden variables in $_REQUEST.

1

$_REQUEST

An associative array that by default contains the contents of $_GET, $_POST and $_COOKIE.

So if you have $_POST['redirect'], $_GET['redirect'] or $_COOKIE['redirect'], $_REQUEST['redirect'] will be defined. Try to put:

var_dump($_POST['redirect']);
var_dump($_GET['redirect']);
var_dump($_COOKIE['redirect']);

To find out where it's coming from.

4 Comments

I'm talking about the redirect variable in the request array. How is that always defined? And what is its initial value if so?
$_REQUEST['redirect'] should not be defined, not that $_REQUEST should not be defined.
David, we need to see your form's markup in order to debug your issue.
I have updated the question. I will attempt the var dump, thank you.
0

There is a good chance that the redirect variable is a cookie, if you cannot find it in the form.

var_dump($_REQUEST);

That will list all your input variables associated with POST, GET and COOKIES.

0

If it's not empty what's the content of it?

I think it should be something like this...

$redirect = base64_decode($_GET['redirect']);
if (!empty($redirect)) {
    header("Location: $redirect");
    exit;
}

It doesn't matter that it's not in the script, you can set it via GET, e.g. /yourform.php?redirect=index.php

Is it causing unwanted redirection?
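
Because the value arrives with the request (for example in the query string of the form's action URL), whoever builds the link controls where the `Location` header points. The following is an added example, not part of the script in the question or of any answer: it reports which request source carries `redirect` and accepts the decoded value only when it is a same-site path. The function names `request_sources` and `safe_redirect_target` are hypothetical, and all sample values are constructed.

```php
<?php
// Added example; function names are hypothetical, sample values are constructed.

// Report which request sources carry $key (these are what $_REQUEST merges).
function request_sources(string $key, array $get, array $post, array $cookie): array
{
    $found = [];
    foreach (['GET' => $get, 'POST' => $post, 'COOKIE' => $cookie] as $name => $src) {
        if (array_key_exists($key, $src)) {
            $found[] = $name;
        }
    }
    return $found;
}

// Decode the base64 value and return it only if it is a same-site path.
function safe_redirect_target(?string $encoded, string $fallback = '/'): string
{
    // Strict mode returns false for input outside the base64 alphabet.
    $target = base64_decode((string) $encoded, true);
    if ($target === false || $target === '') {
        return $fallback;
    }
    // Control characters (CR/LF included) and backslashes never belong in the path.
    if (preg_match('/[\x00-\x1F\x7F\\\\]/', $target)) {
        return $fallback;
    }
    // Require one leading slash; "//host" is protocol-relative and leaves the site.
    if ($target[0] !== '/' || substr($target, 0, 2) === '//') {
        return $fallback;
    }
    return $target;
}

// Constructed request: the login form POSTed to /login?redirect=<base64 of "/account">.
$get  = ['redirect' => base64_encode('/account')];
$post = ['username' => 'alice', 'password' => 'secret', 'authenticate' => '1'];
echo implode(',', request_sources('redirect', $get, $post, [])), "\n";

// Constructed targets: one local path and three that fall back to "/".
foreach (['/account', 'https://example.org/', '//example.org/', "/a\r\nX-Test: 1"] as $raw) {
    echo json_encode($raw, JSON_UNESCAPED_SLASHES), ' -> ',
        safe_redirect_target(base64_encode($raw)), "\n";
}

// In the script: header('Location: ' . safe_redirect_target($_GET['redirect'] ?? null)); exit;
```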
